Configuring Keepalives And Dead Peer Detection; Configuring Keepalives - NETGEAR FVX538v2 - ProSafe VPN Firewall Dual WAN Reference Manual

ProSafe VPN Firewall 200 FVX538 Reference Manual

Configuring Keepalives and Dead Peer Detection

In some cases, it may not be desirable to have a VPN tunnel drop when traffic is idle; for example,
when client-server applications over the tunnel cannot tolerate the tunnel establishment time. If
you require your VPN tunnel to remain connected, you can use the Keepalive and Dead Peer
Detection features to prevent the tunnel from dropping and to force a reconnection if the tunnel
drops for any reason.
For Dead Peer Detection to function, the peer VPN device on the other end of the tunnel must also
support Dead Peer Detection. Keepalive, though less reliable than Dead Peer Detection, does not
require any support from the peer device.

Configuring Keepalives

The keepalive feature maintains the IPSec SA by sending periodic ping requests to a host across
the tunnel and monitoring the replies. To configure the keepalive on a configured VPN policy,
follow these steps:
1. Select VPN from the main menu and Policies from the submenu.
2. Click the VPN Policies tab, then click the edit button next to the desired VPN policy.
3. In the General section of the Edit VPN Policy screen, locate the keepalive configuration
settings.
Figure 5-39
4. Click the Yes radio button to enable keepalive.
5-42
v1.0, January 2010
Virtual Private Networking