Digi TransPort WR11 User Manual page 515

Configuring Virtual Private Networking (VPN)
Command line
Command Instance
ike2 0
ike2 0
ike2 0
ike2 0
ike2 0
ike2 0
ike2 0
ike2 0
Configure advanced IKEv2 Responder parameters
É
Web
1. Go to Configuration > Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2
Responder > Advanced.
2. Configure the advanced IKEv2 Responder parameters as needed:
Stop IKE negotiation if no packet received for n seconds
The period of time, in seconds, after which the router will stop the IKEv2 negotiation when no
response to a negotiation packet has been received.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is behind
a NAT box, some form of NAT traversal may be required before the IPsec tunnel can pass
packets. Turning NAT Traversal on enables the IKE protocol to discover whether or not one or
both ends of a tunnel is behind a NAT box, and implements a standard NAT traversal protocol if
NAT is not being performed.
The version of NAT traversal supported is that described in the IETF draft document
ipsec-nat-t-ike-03.
Digi TransPort® Routers User Guide
Parameter Values
rencalgs des, 3des, aes
renckeybits 128, 192, 256
rauthalgs md5, sha1
rprfalgs md5, sha1
rdhmingroup 1, 2, 5
rdhmaxgroup 1, 2, 5
ltime 1-28800
rekeyltime 1-28800
Configure Internet Protocol security (IPsec)
Equivalent web parameter
Encryption
Encryption (Minimum AES key length)
Authentication
PRF Algorithm
MODP Group between x and y
MODP Group between x and y
Renegotiate after h hrs m mins s secs
This CLI value is entered in seconds only.
Rekey after h hrs m mins s secs
This CLI value is entered in seconds only.
draft-ietf-
515