Cisco Small Business RV315W Administration Manual page 78

VPN
Configuring IPsec VPN Policies
STEP 6
Cisco RV315W Broadband Wireless VPN Router Administration Guide
- ESP Authentication Algorithm: Choose either SHA1 or MD5 as the ESP
authentication algorithm. The default is SH1.
- ESP Encryption Algorithm: Choose the symmetric encryption algorithm
that protects data transmission between two IPsec peers. The advanced
encryption standard supports DES, 3DES, AES-128, AES-192, and AES-
256. The default is AES-256.
- PFS: Click Enable to enable PFS to improve security, or click Disable to
disable it. If you enable PFS, a DH exchange is performed for every
phase-2 negotiation. PFS is desired on the keying channel of the VPN
connection.
- SA Lifetime: Enter the values for the time-based SA lifetime and the flow-
based SA lifetime.
- DPD: Click Enable to enable DPD, or click Disable to disable it. DPD is a
method of detecting a dead IKE peer. This method uses IPsec traffic
patterns to minimize the number of messages required to confirm the
availability of a peer. DPD is used to reclaim the lost resources in case a
peer is found dead and it is also used to perform IKE peer failover. If you
enable DPD, specify the delay time and DPD timeout.
DPD Delay Time: Enter the value of delay time in seconds between
consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are
sent only when IPsec traffic is idle.
DPD Timeout: Enter the value of detection timeout in seconds. If there
are no responses and no traffic over the timeout, declare the peer dead.
Click Save to save your settings.
6
75