Table of Contents
Advertisement
Following additional parameters are available for configuration in IKE policy and peer entries:
Role – Responder, Initiator.
- Responder – Orbit waits for a connection from the peer.
- Initiator – Orbit initiates the connection. This is the typical setup.
Initiator Mode – (when role is initiator)
- Always On - Orbit attempts to keep the tunnel always up
- On Demand – Orbit sets up the tunnel only when the traffic matching the IPsec connection is
detected.
Life Time – 15-1440. The time interval, in minutes, after which the IKE security association expires.
DPD Enabled – Enable, Disable. Enabling dead peer detection (DPD) clears an established VPN
connection when a dead peer is detected, and tries to establish a new one.
DPD Interval – 30-3600. Specifies the number of seconds to wait before declaring a peer "dead."
This should be set to no less than 300 seconds to reduce excess network traffic.
The IPsec panel includes configuration for IPsec policy and connection settings. When VPN wizard is
used for configuration, it automatically configures the IPsec policy (<name>_<type>_ipsec_policy), IPsec
connection (<name>_<type>) based on specified VPN name.
MDS 05-6632A01, Rev. F
Figure 3-172. VPN - IKE Policy and IKE Peer menus
MDS Orbit MCR/ECR Technical Manual
257
Advertisement
Table of Contents
Troubleshooting
