NETGEAR UTM5EW-100NAS Appliance Reference Manual page 241

Table 7-10. Add IKE Policy Settings (continued)
Item
Authentication
Algorithm
Authentication Method Select one of the following radio buttons to specify the authentication method:
Diffie-Hellman (DH)
Group
SA-Lifetime (sec)
Enable Dead Peer
Detection
Note: See also
"Configuring
Keepalives and Dead
Peer Detection" on
page 7-55.
Virtual Private Networking Using IPsec Connections
ProSecure Unified Threat Management (UTM) Appliance Reference Manual
Description (or Subfield and Description)
From the pull-down menu, select one of the following two algorithms to use in
the VPN header for the authentication process:
• SHA-1. Hash algorithm that produces a 160-bit digest. This is the default
setting.
• MD5. Hash algorithm that produces a 128-bit digest.
• Pre-shared key. A secret that is shared between the UTM and the remote
endpoint.
• RSA-Signature. Uses the active Self Certificate that you uploaded on the
Certificates screen (see
Pre-shared key is masked out when you select the RSA-Signature option.
Pre-shared key
The DH Group sets the strength of the algorithm in bits. The higher the group,
the more secure the exchange. From the pull-down menu, select one of the
following three strengths:
• Group 1 (768 bit).
• Group 2 (1024 bit). This is the default setting.
• Group 5 (1536 bit).
Note: Ensure that the DH Group is configured identically on both sides.
The period in seconds for which the IKE SA is valid. When the period times
out, the next rekeying must occur. The default is 28800 seconds (8 hours).
Select a radio button to specify whether or not Dead Peer Detection (DPD) is
enabled:
• Yes. This feature is enabled: when the UTM detects an IKE connection
failure, it deletes the IPsec and IKE SA and forces a reestablishment of the
connection. You must enter the detection period and the maximum number
of times that the UTM attempts to reconnect (see below).
• No. This feature is disabled. This is the default setting.
Detection Period
Reconnect after
failure count
v1.0, January 2010
"Managing Self Certificates" on page
A key with a minimum length of 8 characters no more than
49 characters. Do not use a double quote (") in the key.
The period in seconds between consecutive
"DPD R-U-THERE" messages, which are sent only when
the IPsec traffic is idle.
The maximum number of times that the UTM attempts to
reconnect after a DPD situation. When the maximum
number of times is exceeded, the IPsec connection is
terminated.
9-20). The
7-29