NETGEAR ProSafe SRX5308 Cli Reference Manual page 214

ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Keyword
auth_algorithm
auth_method
pre_shared_key
dh_group
lifetime
enable_dead_peer_detection
detection_period
reconnect_failure_count
Associated Keyword to
Select or Parameter to Type
MD5 or SHA-1
Pre_shared_key or
RSA_Signature
key
Group1_768_bit,
Group2_1024_bit, or
Group5_1536_bit
seconds
Y or N
seconds
number
VPN Mode Configuration Commands
214
Description
Specifies the algorithm to be used in the
VPN header for the authentication
process:
• SHA-1. Hash algorithm that produces a
160-bit digest.
• MD5. Hash algorithm that produces a
128-bit digest.
Specifies the authentication method:
• Pre_shared_key. A secret that is
shared between the VPN firewall and
the remote endpoint. You also need to
issue the pre_shared_key keyword
and specify the key.
• RSA_Signature. Uses the active
self-signed certificate that you uploaded
on the Certificates screen of the web
management interface.
Note: You cannot upload certificates by
using the CLI.
If the auth_method keyword is set to
Pre_shared_key, specifies a key with a
minimum length of 8 characters and no
more than 49 characters.
Specifies the Diffie-Hellman (DH) group,
which sets the strength of the algorithm in
bits. The higher the group, the more
secure the exchange.
The period in seconds for which the IKE
SA is valid. When the period times out,
the next rekeying occurs.
Enables or disables dead peer detection
(DPD). When DPD is enabled, you also
need to issue the detection_period
and reconnect_failure_count
keywords and associated parameters.
The period in seconds between
consecutive DPD R-U-THERE
messages, which are sent only when the
IPSec traffic is idle.
The maximum number of DPD failures
before the VPN firewall tears down the
connection and then attempts to
reconnect to the peer.