NETGEAR FVS318G Reference Manual page 267

NETGEAR ProSAFE VPN Firewall FVS318G v2
Table 57. Add IKE Policy screen settings for a Mode Config configuration (continued)
Setting Description
Authentication Method Select Pre-shared key as the authentication method, and enter a key in the
Pre-shared key field.
Pre-shared key
Diffie-Hellman (DH) The DH Group sets the strength of the algorithm in bits. From the list, select Group
Group 2 (1024 bit).
SA-Lifetime (sec) The period in seconds for which the IKE SA is valid. When the period times out, the
next rekeying occurs. The default setting is 28800 seconds (eight hours). However,
for a Mode Config configuration, NETGEAR recommends 3600 seconds
(one hour).
Enable Dead Peer Select whether Dead Peer Detection (DPD) is enabled:
Detection
•
Note: See also
Configure Keep-Alives
and Dead Peer
•
Detection
on
page 276.
Detection Period
Reconnect after
failure count
Virtual Private Networking Using IPSec and L2TP Connections
A key with a minimum length of 8 characters and no more than
49 characters. Do not use a double quote (''), single quote ('),
or space in the key.
Yes. This feature is enabled. When the VPN firewall detects an IKE connection
failure, it deletes the IPSec and IKE SA and forces a reestablishment of the
connection. You must specify the detection period in the Detection Period
field and the maximum number of times that the VPN firewall attempts to
reconnect in the Reconnect after failure count field.
No. This feature is disabled. This is the default setting.
The period in seconds between consecutive
DPD R-U-THERE messages, which are sent only when the
IPSec traffic is idle. The default setting is 10 seconds. This
example uses 30 seconds.
The maximum number of DPD failures before the VPN firewall
tears down the connection and then attempts to reconnect to
the peer. The default setting is 3 failures.
267