User`s guide

ManualsBrandsDigi ManualsComputer equipmentTransPort WR41

201

202

203

204

205

206

207

208

209

210

205

Related CLI Commands

Entity

Instance

Parameter

Values

Equivalent Web Parameter

ike n encalg des, 3des, aes Encryption

ike n keybits 0, 128, 192, 256 Encryption (AES Key length)

ike n authalg md5, sha1 Authentication

ike n aggressive on, off Mode

ike n ikegroup 1, 2, 5 MODP Group for Phase 1

ike n ipsecgroup 1, 2, 5 MODP Group for Phase 2

ike n ltime 1 - 28800

Renegotiate after h hrs m mins s

secs

This CLI value is entered in seconds

only.

Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKE

> IKE n > Advanced

Retransmit a frame if no response after n seconds

The amount of time in seconds that IKE will wait for a response from the remote unit before

transmitting the negotiation frame.

Stop IKE negotiation after n retransmissions

The maximum number of times that IKE will retransmit a negotiation frame as part of the

exchange before failing.

Stop IKE negotiation if no packet received for n seconds

The period of time in seconds after which the unit will stop the IKE negotiation when no

response to a negotiation packet has been received.

Enable Dead Peer Detection

Enables Dead Peer Detection. For more information, refer to the Configuration – Network

> IPsec > Dead Peer Detection (DPD) page.

Enable NAT-Traversal

Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is

behind a NAT box, some form of NAT traversal may be required before the IPsec tunnel can

pass packets. Turning NAT Traversal on enables the IKE protocol to discover whether or not

one or both ends of a tunnel is behind a NAT box, and implements a standard NAT traversal

protocol if NAT is not being performed.

The version of NAT traversal supported is that described in the IETF draft ‘draft-ietf-ipsec-

nat-t-ike-03.txt’.

Send INITIAL-CONTACT notifications

Enables INITIAL-CONTACT notifications to be sent.

Retain phase 1 SA after failed phase 2 negotiation

Normally IKE functionality is to remove the phase 1 SA if the phase 2 negotiation fails.

Enabling this parameter will cause the router to retain the existing phase 1 SA and retry the

phase 2 again.