Digi IX10-00G4 User Manual page 266

Virtual Private Networks (VPN)
j. Click to expand Phase 2 Proposals.
i. Click  to create a new phase 2 proposal.
ii. For Cipher, select the type of encryption.
iii. For Hash, select the type of hash to use to verify communication integrity.
iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key
exchange.
v. You can add additional Phase 2 proposals by clicking  next to Add Phase 2
Proposal.
22. (Optional) Click to expand Dead peer detection. Dead peer detection is enabled by default.
Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether
tunnel communications have failed, allowing the tunnel to be automatically restarted when
failure occurs.
a. To enable or disable dead peer detection, click Enable.
b. For Delay, type the number of seconds between transmissions of dead peer packets. Dead
peer packets are only sent when the tunnel is idle.
c. For Timeout, type the number of seconds to wait for a response from a dead peer packet
before assuming the tunnel has failed.
23. (Optional) Click to expand NAT to create a list of destination networks that require source NAT.
a. Click  next to Add NAT destination.
b. For Destination network, type the IPv4 address and optional netmask of a destination
network that requires source NAT. You can also use any, meaning that any destination
network connected to the tunnel will use source NAT.
24. See Configure SureLink active recovery for IPsec
25. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values.
26. Click Apply to save the configuration and apply the change.

Command line
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10
local command line as a user with full Admin access rights.
Depending on your device configuration, you may be presented with an Access selection
menu. Type admin to access the Admin CLI.
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. Add an IPsec tunnel. For example, to add an IPsec tunnel named ipsec_example:
(config)> add vpn ipsec tunnel ipsec_example
(config vpn ipsec tunnel ipsec_example)>
The IPsec tunnel is enabled by default. To disable:
(config vpn ipsec tunnel ipsec_example)> enable false
(config vpn ipsec tunnel ipsec_example)>
IX10 User Guide
for information about IPsec Active recovery.
IPsec
266