NETGEAR ProSafe SRX5308 Reference Manual page 164


ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Virtual Private Networking Using IPSec Connections

Table 38. Add IKE Policy screen settings (continued)

Setting / Description

Authentication Method
Select one of the following radio buttons to specify the authentication method:
• Pre-shared key. A secret that is shared between the VPN firewall and the remote endpoint.
• RSA-Signature. Uses the active self certificate that you uploaded on the Certificates screen (see Manage Self-Signed Certificates on page 237). The pre-shared key is masked out when you select the RSA-Signature option.
Pre-shared key: A key with a minimum length of 8 characters and no more than 49 characters. Do not use a double quote (") in the key.

Diffie-Hellman (DH) Group
The DH Group sets the strength of the algorithm in bits. The higher the group, the more secure the exchange. From the drop-down list, select one of the following three strengths:
• Group 1 (768 bit).
• Group 2 (1024 bit). This is the default setting.
• Group 5 (1536 bit).
Note: Ensure that the DH Group is configured identically on both sides.

SA-Lifetime (sec)
The period in seconds for which the IKE SA is valid. When the period times out, rekeying occurs. The default is 28800 seconds (8 hours).

Enable Dead Peer Detection
Note: See also Configure Keep-alives and Dead Peer Detection on page 191.
Select a radio button to specify whether or not Dead Peer Detection (DPD) is enabled:
• Yes. This feature is enabled. When the VPN firewall detects an IKE connection failure, it deletes the IPSec and IKE SA and forces a reestablishment of the connection. You need to specify the detection period in the Detection Period field and the maximum number of times that the VPN firewall attempts to reconnect in the Reconnect after failure count field.
• No. This feature is disabled. This is the default setting.
Detection Period: The period in seconds between consecutive DPD R-U-THERE messages, which are sent only when the IPSec traffic is idle. The default is 10 seconds.
Reconnect after failure count: The maximum number of DPD failures before the VPN firewall tears down the connection and then attempts to reconnect to the peer. The default is 3 failures.

Extended Authentication

XAUTH Configuration
Note: For more information about XAUTH and its authentication modes, see Configure XAUTH for VPN Clients on page 173.
Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information:
• None. XAUTH is disabled. This is the default setting.
• Edge Device. The VPN firewall functions as a VPN concentrator on which one or more gateway tunnels terminate. The authentication modes that are available for this configuration are User Database, RADIUS PAP, or RADIUS CHAP.
• IPSec Host. The VPN firewall functions as a VPN client of the remote gateway. In this configuration the VPN firewall is authenticated by a remote gateway with a user name and password combination.
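
A lint for the Table 38 constraints, written as an added example that is not part of the NETGEAR manual: it checks one policy per peer for the pre-shared key rules, the DH group list, the DPD fields that become mandatory when DPD is enabled, and the XAUTH modes, then checks the values that have to match on both sides. The dictionary keys (auth_method, psk, dh_group, dpd_period, dpd_fail_count, xauth, xauth_auth) are hypothetical names chosen for this example, not a device export format, and both sample policies are constructed.

```python
# Added example: lint a pair of IKE policies against the Table 38 rules.
# Dict keys are hypothetical names for this example, not an SRX5308 export format.
DH_BITS = {1: 768, 2: 1024, 5: 1536}      # groups offered in the drop-down list
XAUTH_MODES = {"None", "Edge Device", "IPSec Host"}
EDGE_AUTH = {"User Database", "RADIUS PAP", "RADIUS CHAP"}

def lint_policy(p):
    """Return a list of findings for one side's IKE policy."""
    out = []
    if p["auth_method"] == "Pre-shared key":
        psk = p.get("psk", "")
        if not 8 <= len(psk) <= 49:
            out.append("psk: length must be 8 to 49 characters")
        if '"' in psk:
            out.append('psk: must not contain a double quote (")')
    elif p["auth_method"] != "RSA-Signature":
        out.append("auth_method: unknown value")
    if p["dh_group"] not in DH_BITS:
        out.append("dh_group: must be 1, 2 or 5")
    elif p["dh_group"] < max(DH_BITS):
        out.append(f"dh_group: advisory, group {p['dh_group']} is not the highest group offered")
    if p.get("dpd_enabled"):
        for field in ("dpd_period", "dpd_fail_count"):
            if not isinstance(p.get(field), int) or p[field] < 1:
                out.append(f"{field}: required when DPD is enabled")
    if p.get("xauth", "None") not in XAUTH_MODES:
        out.append("xauth: unknown mode")
    elif p.get("xauth") == "Edge Device" and p.get("xauth_auth") not in EDGE_AUTH:
        out.append("xauth_auth: Edge Device needs User Database, RADIUS PAP or RADIUS CHAP")
    return out

def lint_pair(local, remote):
    """Lint both sides, then check the settings that must match across peers."""
    out = [f"local {f}" for f in lint_policy(local)]
    out += [f"remote {f}" for f in lint_policy(remote)]
    if local["dh_group"] != remote["dh_group"]:
        out.append("pair dh_group: must be configured identically on both sides")
    both_psk = local["auth_method"] == remote["auth_method"] == "Pre-shared key"
    if both_psk and local.get("psk") != remote.get("psk"):
        out.append("pair psk: the shared secret differs between the two sides")
    return out

# Constructed sample policies (not taken from a real device).
LOCAL = {"auth_method": "Pre-shared key", "psk": 'short"', "dh_group": 2,
         "dpd_enabled": True, "dpd_period": 10, "dpd_fail_count": 3, "xauth": "None"}
REMOTE = {"auth_method": "Pre-shared key", "psk": "c0nstructed-sample-secret", "dh_group": 5,
          "dpd_enabled": True, "dpd_period": 10, "xauth": "Edge Device", "xauth_auth": "RADIUS CHAP"}
if __name__ == "__main__":
    print("\n".join(lint_pair(LOCAL, REMOTE)))
```

The dh_group advisory follows only from the table's statement that a higher group gives a more secure exchange; the other findings are hard constraints stated in the table.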
