VPN Global Settings
Table 16-1 VPN Global Settings Fields

Element: Description

XAuth Timeout: The number of seconds the router is to wait for a system to respond to the XAuth challenge.

IKE Identity: Either the host name of the router or the IP address that the router will use to identify itself in IKE negotiations.

Dead Peer Detection: Dead Peer Detection (DPD) enables a router to detect a dead peer and, if detected, delete the IPSec and IKE security associations with that peer. If DPD is enabled, the following additional information is displayed:
• IKE Keepalive (Sec)—The value is the number of seconds that the router waits between sending IKE keepalive packets.
• IKE Retry (Sec)—The value is the number of seconds that the router waits between attempts to establish an IKE connection with the remote peer. By default, "2" seconds is displayed.
• DPD Type—Either On Demand or Periodic. If set to On Demand, DPD messages are sent on the basis of traffic patterns. For example, if a router has to send outbound traffic and the liveliness of the peer is questionable, the router sends a DPD message to query the status of the peer. If a router has no traffic to send, it never sends a DPD message. If set to Periodic, the router sends DPD messages at the interval specified by the IKE Keepalive value.

IPSec Security Association (SA) Lifetime (Sec): The amount of time after which IPSec security associations (SAs) will expire and be regenerated. The default is 3600 seconds (1 hour).

Cisco Router and Security Device Manager 2.5 User's Guide
Chapter 16
OL-4015-12
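The fields in Table 16-1 can also be read out of a saved router configuration. The following is an added example, not code from the guide or from Cisco: it assumes the standard IOS CLI forms of these settings (the command syntax is not shown on this page), the function names are hypothetical, and the sample configuration is constructed.

```python
import re

# Defaults stated in Table 16-1: IKE Retry 2 s, IPSec SA lifetime 3600 s.
DEFAULT_RETRY = 2
DEFAULT_SA_LIFETIME = 3600

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
hostname branch-rtr
crypto isakmp identity hostname
crypto isakmp keepalive 10 periodic
crypto isakmp xauth timeout 20
crypto ipsec security-association lifetime seconds 1800
"""

def vpn_global_settings(config):
    """Return the Table 16-1 fields as a dict; None means not configured."""
    s = {"xauth_timeout": None, "ike_identity": None, "dpd": None,
         "sa_lifetime": DEFAULT_SA_LIFETIME}
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"crypto isakmp xauth timeout (\d+)", line):
            s["xauth_timeout"] = int(m[1])
        elif m := re.fullmatch(r"crypto isakmp identity (\S+)", line):
            s["ike_identity"] = m[1]
        elif m := re.fullmatch(
                r"crypto isakmp keepalive (\d+)(?: (\d+))?(?: (periodic|on-demand))?",
                line):
            s["dpd"] = {"keepalive": int(m[1]),
                        "retry": int(m[2]) if m[2] else DEFAULT_RETRY,
                        "type": m[3] or "on-demand"}  # assumed IOS default when omitted
        elif m := re.fullmatch(
                r"crypto ipsec security-association lifetime seconds (\d+)", line):
            s["sa_lifetime"] = int(m[1])
    return s

def review(s):
    """Operational notes that follow from the field descriptions in the table."""
    notes = []
    if s["dpd"] is None:
        notes.append("DPD disabled: SAs to a dead peer are not deleted by DPD")
    elif s["dpd"]["type"] == "on-demand":
        notes.append("DPD on demand: no DPD message is sent while the router "
                     "has no traffic to send")
    return notes
```

Calling `review(vpn_global_settings(text))` on a configuration with no keepalive line reports that DPD is disabled, which is the case where stale IPSec and IKE SAs to a dead peer stay in place until they expire.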