Virtual Private Networks (VPN)
n
The default is Always.
e. For Enable padding, click to disable the padding of IKE packets. This should normally not
be disabled except for compatibility purposes.
f. For Phase 1 lifetime, enter the amount of time that the IKE security association expires
after a successful negotiation and must be re-authenticated.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Phase 1 lifetime to ten minutes, enter 10m or 600s.
g. For Phase 2 lifetime, enter the amount of time that the IKE security association expires
after a successful negotiation and must be rekeyed.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s.
h. For Lifetime margin, enter a randomizing amount of time before the IPsec tunnel is
renegotiated.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Lifetime margin to ten minutes, enter 10m or 600s.
i. Click to expand Phase 1 Proposals.
i. Click to create a new phase 1 proposal.
ii. For Cipher, select the type of encryption.
iii. For Hash, select the type of hash to use to verify communication integrity.
iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key
exchange.
v. You can add additional Phase 1 proposals by clicking next to Add Phase 1
Proposal.
j. Click to expand Phase 2 Proposals.
i. Click to create a new phase 2 proposal.
ii. For Cipher, select the type of encryption.
iii. For Hash, select the type of hash to use to verify communication integrity.
iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key
exchange.
v. You can add additional Phase 2 proposals by clicking next to Add Phase 2
Proposal.
22. (Optional) Click to expand Dead peer detection. Dead peer detection is enabled by default.
Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether
tunnel communications have failed, allowing the tunnel to be automatically restarted when
failure occurs.
IX14 User Guide
Accept: Do not send oversized IKE messages in fragments, but announce support
for fragmentation to the peer.
IPsec
539