Digi TransPort WR11 User Manual page 504

Configuring Virtual Private Networking (VPN)
Retransmit a frame if no response after n seconds
The amount of time, in seconds, that IKE will wait for a response from the remote unit before
transmitting the negotiation frame.
Stop IKE negotiation after n retransmissions
The maximum number of times that IKE will retransmit a negotiation frame as part of the
exchange before failing.
Stop IKE negotiation if no packet received for n seconds
The period of time, in seconds, after which the router will stop the IKE negotiation when no
response to a negotiation packet has been received.
Enable Dead Peer Detection
Enables Dead Peer Detection. For more information, refer to the Configuration > Network >
IPsec > Dead Peer Detection (DPD) page.
NAT Traversal Mode
Selects the NAT traversal mode for IKE/IPsec: Auto, Disabled, or Force.
When one end of an IPsec tunnel is behind a NAT box, some form of NAT traversal may be
required before the IPsec tunnel can pass packets. Turning NAT Traversal on enables the IKE
protocol to discover whether or not one or both ends of a tunnel is behind a NAT box, and
implements a standard NAT traversal protocol if NAT is not being performed. The version of
NAT traversal supported is that described in the IETF draft document
Traversal in the
Send INITIAL-CONTACT notifications
Enables INITIAL-CONTACT notifications to be sent.
Retain phase 1 SA after failed phase 2 negotiation
Normally IKE functionality is to remove the phase 1 SA if the phase 2 negotiation fails. Enabling
this parameter will cause the router to retain the existing phase 1 SA and retry the phase 2
again.
RSA private key file
The name of a X.509 certificate file holding the router's private part of the public/private key
pair in certificate exchanges. See
explanation.
SA Removal Mode
Determines how IPsec and IKE SAs are removed.
Normal operation does not delete the IKE SA when all the IPsec SAs that were created
n
by it are removed and does not remove IPsec SAs when the IKE SA that created them is
deleted.
Remove IKE SA when last IPSec SA removed deletes the IKE SA when all the IPsec
n
SAs that it created to a particular peer are removed.
Remove IPSec SAs when IKE SA removed deletes all IPSec SAs that have been
n
created by the IKE SA that has been removed.
Digi TransPort® Routers User Guide
IKE.
Use X.509 certificates with IPsec tunnels
Configure Internet Protocol security (IPsec)
Negotiation of NAT-
section for further
504