Configuring Keepalives And Dead Peer Detection; Configuring Keepalive - NETGEAR ProSafe FVS336G Reference Manual

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
1. Right-click on the VPN client icon in the Windows toolbar and click Connect. The connection
policy you configured will appear; in this case "My Connections\modecfg_test".
2. Click on the connection. Within 30 seconds the message "Successfully connected to
MyConnections/modecfg_test is displayed and the VPN client icon in the toolbar will read
"On".
3. From the client PC, ping a computer on the VPN firewall LAN.

Configuring Keepalives and Dead Peer Detection

In some cases, it may not be desirable to have a VPN tunnel drop when traffic is idle; for example,
when client-server applications over the tunnel cannot tolerate the tunnel establishment time. If
you require your VPN tunnel to remain connected, you can use the Keepalive and Dead Peer
Detection features to prevent the tunnel from dropping and to force a reconnection if the tunnel
drops for any reason.
For Dead Peer Detection to function, the peer VPN device on the other end of the tunnel must also
support Dead Peer Detection. Keepalive, though less reliable than Dead Peer Detection, does not
require any support from the peer device.

Configuring Keepalive

The keepalive feature maintains the IPSec SA by sending periodic ping requests to a host across
the tunnel and monitoring the replies. To configure the keepalive on a configured VPN policy,
follow these steps:
1. Select VPN > Policies from the main menu.
2. Click the VPN Policies tab, then click the edit button next to the desired VPN policy.
Virtual Private Networking Using IPsec
v1.2, June 2008
5-29