Configuring VPN and Security
Configuring Advanced VPN Parameters
Cisco RV180/RV180W Administration Guide

• Diffie-Hellman (DH) Group—Specify the DH Group algorithm, which is
  used when exchanging keys. The DH Group sets the strength of the
  algorithm in bits. Ensure that the DH Group is configured identically on
  both sides of the IKE policy.
• SA Lifetime—Enter the interval, in seconds, after which the Security
  Association becomes invalid.
• Dead Peer Detection—Check the Enable box to enable this feature, or
  uncheck the box to disable it. Dead Peer Detection (DPD) is used to detect
  whether the peer is alive or not. If the peer is detected as dead, the
  router deletes the IPsec and IKE Security Association. If you enable this
  feature, also enter these settings:
  - Detection Period—Enter the interval, in seconds, between consecutive
    DPD R-U-THERE messages. DPD R-U-THERE messages are sent only
    when the IPsec traffic is idle.
  - Reconnect after Failure Count—Enter the maximum number of DPD
    failures allowed before tearing down the connection.

STEP 5 Optionally, in the Extended Authentication section, enable Extended
Authentication (XAUTH). When connecting many VPN clients to a VPN gateway
router, XAUTH allows authentication of users with methods in addition to the
authentication method mentioned in the IKE SA parameters.
• XAUTH Type—Choose one of the following options:
  - None—Disables XAUTH.
  - Edge Device—Authentication is done by one of the following methods:
    User Database—User accounts created in the router are used to
    authenticate users. After completing this procedure, enter the users on
    the VPN > IPsec > VPN Users page. See Configuring VPN Users, page 121.
    RADIUS-PAP or RADIUS-CHAP—Authentication is done by using a
    RADIUS server and either password authentication protocol (PAP) or
    challenge handshake authentication protocol (CHAP). After completing
    this procedure, set up the RADIUS server on the Security > RADIUS
    Server page. See Using the Cisco RV180/RV180W With a RADIUS Server,
    page 127.
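
The Dead Peer Detection settings described earlier on this page, modeled as an added Python example (not Cisco's code) that shows how Detection Period and Reconnect after Failure Count together decide when the IPsec and IKE SAs are deleted. It assumes that inbound IPsec traffic or an R-U-THERE-ACK resets the failure count and that teardown happens when the count reaches the configured maximum; the class name, method names and timeline values are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DpdMonitor:
    """Model of the DPD settings (assumed semantics, not router firmware)."""
    detection_period: int   # seconds between consecutive R-U-THERE messages
    max_failures: int       # "Reconnect after Failure Count"
    failures: int = 0
    sa_up: bool = True
    log: list = field(default_factory=list)

    def run(self, duration, traffic_times, peer_dies_at):
        """Step through a timeline one second at a time.

        traffic_times: seconds at which IPsec traffic arrives from the peer
                       (constructed sample input).
        peer_dies_at:  second from which the peer stops sending and answering.
        Returns the second at which the SAs are deleted, or None.
        """
        traffic = {t for t in traffic_times if t < peer_dies_at}
        idle = 0
        for now in range(1, duration + 1):
            if now in traffic:
                # Traffic from the peer proves liveness: no probe is needed.
                idle, self.failures = 0, 0
                continue
            idle += 1
            if idle % self.detection_period:
                continue  # tunnel is idle, but the next probe is not due yet
            self.log.append((now, "R-U-THERE"))
            if now < peer_dies_at:
                self.failures = 0
                self.log.append((now, "R-U-THERE-ACK"))
                continue
            self.failures += 1  # probe went unanswered
            if self.failures >= self.max_failures:
                self.sa_up = False
                self.log.append((now, "delete IPsec and IKE SA"))
                return now
        return None
```

Under these assumptions the delay between a peer failing and the SAs being deleted is at most Detection Period multiplied by Reconnect after Failure Count, so both values should be chosen against the outage time the tunnel can tolerate.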