Sierra Wireless AirLink RV50 Series User Manual page 143

Field
Peer Identity - IP or
Peer Identity - FQDN
Negotiation Mode
IKE Encryption
Algorithm
IKE Authentication
Algorithm
IKE Key Group
IKE SA Life Time
IKE DPD
IKE DPD Interval
(seconds)
Local Address Type
Local Address
Local Address -
Netmask
Rev 1 Dec. 17
Description
Peer Identity - IP appears only when IP is selected from the Peer Identity Type drop-
•
down menu. The VPN Gateway IP Address appears.
Peer Identity - FQDN appears only when User FQDN or FQDN is selected from the
•
Peer Identity Type drop-down menu. Enter the Peer FQDN or Peer User FQDN.
Enable this configuration to operate the onboard VPN under Aggressive mode. Aggressive
mode offers increased performance at the expense of security.
Options are:
Main (default)
•
Aggressive
•
Determines the type and length of encryption key used to encrypt/decrypt ESP
(Encapsulating Security Payload) packets. 3DES supports 168-bit encryption. AES
(Advanced Encryption Standard) supports both 128-bit and 256-bit encryption.
Options are: DES, 3DES, AES-128 (default), and AES-256
MD5 is an algorithm that produces a 128-bit digest for authentication. SHA is a more
secure algorithm that produces a 160-bit digest.
Options are: MD5 and SHA1 (default)
Options are: DH1, DH2 (default), or DH5
Determines how long the VPN tunnel is active in seconds.
Options are: 180 to 86400; Default: 7200
Dead Peer Detection (DPD)
Options are:
Disable (default)
•
Enable
•
When DPD is enabled, the AirLink gateway checks to see if the server is still present if
there has been no traffic for a configured interval. If it does not receive an acknowledgment,
it retries at 5 second intervals. If there is no acknowledgment after 5 retries, the status of
the VPN is set to Not Connected and the device attempts to renegotiate IPSEC security
parameters with its peer.
Default is Disabled.
Note: Sierra Wireless recommends that you Enable IKE DPD. Otherwise the AirLink
gateway has no way of detecting that the connection to the VPN server is still available.
Use this field to set the DPD interval (in seconds). If there has been no traffic for the period
of time set in this field, the AirLink gateway retries checking with the server, as described in
IKE DPD.
Options are: 0 to 3600 (default is 1200)
If this field is set to 0, DPD monitoring is turned off (or disabled as described in the IKE
DPD section), but the AirLink gateway still responds to DPD requests from the server.
The network information of the device. Options are: Use the Host Subnet, Single Address,
and Subnet Address (default)
Device subnet address
Device subnet mask information
Default: 255.255.255.0
143
VPN Configuration
41111088