NETGEAR SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Reference Manual page 169
Gigabit quad wan ssl vpn firewall
Hide thumbs
Also See for SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall:
- Configuration manual (8 pages) ,
- Use manual (9 pages) ,
- Network setup manual (8 pages)
Table of Contents
Advertisement
Table 5-10. Add IKE Policy Settings (continued)
Item
Authentication
Algorithm
Authentication Method Select one of the following radio buttons to specify the authentication method:
Diffie-Hellman (DH)
Group
SA-Lifetime (sec)
Enable Dead Peer
Detection
Note: See also
"Configuring
Keepalives and Dead
Peer Detection" on
page
5-55.
Virtual Private Networking Using IPsec Connections
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Description (or Subfield and Description)
From the drop-down list, select one of the following two algorithms to use in
the VPN header for the authentication process:
• SHA-1. Hash algorithm that produces a 160-bit digest. This is the default
setting.
• MD5. Hash algorithm that produces a 128-bit digest.
• Pre-shared key. A secret that is shared between the VPN firewall and the
remote endpoint.
• RSA-Signature. Uses the active self certificate that you uploaded on the
Certificates screen (see
pre-shared key is masked out when you select the RSA-Signature option.
Pre-shared key
The DH Group sets the strength of the algorithm in bits. The higher the group,
the more secure the exchange. From the drop-down list, select one of the
following three strengths:
• Group 1 (768 bit).
• Group 2 (1024 bit). This is the default setting.
• Group 5 (1536 bit).
Note: Ensure that the DH Group is configured identically on both sides.
The period in seconds for which the IKE SA is valid. When the period times
out, the next rekeying must occur. The default is 28800 seconds (8 hours).
Select a radio button to specify whether or not Dead Peer Detection (DPD) is
enabled:
• Yes. This feature is enabled. When the VPN firewall detects an IKE
connection failure, it deletes the IPsec and IKE SA and forces a
reestablishment of the connection. You must specify the detection period in
the Detection Period field and the maximum number of times that the VPN
firewall attempts to reconnect in the Reconnect after failure count field.
• No. This feature is disabled. This is the default setting.
Detection Period
Reconnect after
failure count
v1.0, April 2010
"Managing Self Certificates" on page
A key with a minimum length of 8 characters no more than
49 characters. Do not use a double quote (") in the key.
The period in seconds between consecutive
"DPD R-U-THERE" messages, which are sent only when
the IPsec traffic is idle. The default is 10 seconds.
The maximum number of DPD failures before the VPN
firewall tears down the connection and then attempts to
reconnect to the peer. The default is 3 failures.
7-20). The
5-27
Advertisement
Table of Contents
Troubleshooting
