Configuring VPN
Advanced Configuration of IPsec VPN
STEP 7
Cisco SA500 Series Security Appliances Administration Guide
• Pre-shared key: Enter the alphanumeric key to be shared with the IKE peer.
NOTE The double-quote character (") is not permitted for the shared key.
• Diffie-Hellman (DH) Group: Choose the Diffie-Hellman algorithm to use when exchanging keys. The DH Group sets the strength of the algorithm in bits.
• SA Lifetime (seconds): Enter the number of seconds for the Security Association to remain valid.
• Enable Dead Peer Detection: Check this box to enable the security appliance to detect whether a peer is alive or not. If a peer is detected as dead, then the security appliance deletes the IPsec and IKE Security Association.
• Detection Period (seconds): Detection Period is the interval between consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the IPsec traffic is idle.
• Reconnect after failure count: Maximum number of DPD failures allowed before tearing down the connection.
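A simplified model of how Detection Period and Reconnect after failure count interact, added here as an illustration and not taken from the guide or the appliance firmware. The class and function names are hypothetical, and it assumes one probe per detection period while idle, a reply or traffic resetting the failure count, and teardown once consecutive failures reach the configured count.

```python
from dataclasses import dataclass, field


@dataclass
class DpdPeer:
    """Simplified DPD model; field names are hypothetical, not appliance settings."""
    detection_period: int   # seconds between R-U-THERE probes while idle
    max_failures: int       # the "Reconnect after failure count" value
    failures: int = 0
    idle_for: int = 0
    sa_up: bool = True      # stands for both the IKE and the IPsec SA
    log: list = field(default_factory=list)

    def tick(self, t, traffic_seen, peer_answers):
        """Advance one second. Returns True while the SAs are still installed."""
        if not self.sa_up:
            return False
        if traffic_seen:
            # Probes are sent only when IPsec traffic is idle. Resetting the
            # failure count on traffic is an assumption of this model.
            self.idle_for = 0
            self.failures = 0
            return True
        self.idle_for += 1
        if self.idle_for % self.detection_period == 0:
            if peer_answers:
                self.log.append((t, "R-U-THERE acked"))
                self.failures = 0
            else:
                self.failures += 1
                self.log.append((t, f"unanswered {self.failures}/{self.max_failures}"))
                if self.failures >= self.max_failures:
                    self.sa_up = False
                    self.log.append((t, "peer dead: delete IPsec and IKE SA"))
        return self.sa_up


def time_to_teardown(detection_period, max_failures, peer_dies_at,
                     busy_until=0, horizon=3600):
    """Second at which the SAs are deleted, or None if they survive the horizon."""
    peer = DpdPeer(detection_period, max_failures)
    for t in range(1, horizon + 1):
        alive = t < peer_dies_at
        traffic = alive and t <= busy_until   # constructed traffic pattern
        if not peer.tick(t, traffic, alive):
            return t
    return None
```

In this model a stale SA toward a dead peer persists for roughly the detection period multiplied by the failure count after traffic stops, which is the window to weigh when choosing the two values.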
In the Extended Authentication (XAUTH) area, you can enable the VPN gateway
router to authenticate users from the User Database (default choice) or an external
authentication server such as a RADIUS server. Choose one of the following
XAUTH Types:
• None: Choose this option to disable XAUTH.
• User Database: Choose this option if you want to authenticate users based on the accounts that you create in this Configuration Utility. If you choose this option, be sure to add the users on the IPsec Users page. See Configuring the User Database for the IPsec Remote Access VPN, page 142.
• IPsec Host: Choose this option if you want the security appliance to be authenticated with a username and password combination. In this mode, the security appliance acts as a VPN Client of the remote gateway. If you choose this option, also enter a Username and Password.
  - Username: If you chose IPsec Host as the XAUTH Type, enter the user name for the security appliance to use when connecting to the remote server. The username can include any alphanumeric characters.
  - Password: Enter the password for the security appliance to use when connecting to the remote server.