User's guide
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKE > IKE Responder > Advanced
Stop IKE negotiation if no packet received for n seconds
The period of time in seconds after which the unit will stop the IKE negotiation when no
response to a negotiation packet has been received.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is
behind a NAT box, some form of NAT traversal may be required before the IPsec tunnel can
pass packets. Turning NAT Traversal on enables the IKE protocol to discover whether or not
one or both ends of a tunnel are behind a NAT box, and implements a standard NAT traversal
protocol if NAT is being performed.
The version of NAT traversal supported is that described in the IETF draft
‘draft-ietf-ipsec-nat-t-ike-03.txt’.
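The discovery step described above, as an added example (not code from this guide or from the router firmware): each peer sends NAT-D hashes of the addresses and ports it believes are in use, as specified in the NAT-T IKE document (published as RFC 3947), and the receiver compares them with what actually arrived. The cookies, the addresses and the choice of SHA-1 as the negotiated hash are constructed assumptions.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def build_nat_d(cky_i, cky_r, local, remote):
    """Sender: the first NAT-D covers the destination, the second its own source."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, payloads, my_addr, observed_src):
    """Receiver: compare the peer's hashes with what actually arrived."""
    # The first payload should hash to the address/port this end really uses.
    local_nat = payloads[0] != nat_d_hash(cky_i, cky_r, *my_addr)
    # One of the remaining payloads should hash to the packet's real source.
    peer_nat = nat_d_hash(cky_i, cky_r, *observed_src) not in payloads[1:]
    return {"local_behind_nat": local_nat, "peer_behind_nat": peer_nat,
            "use_nat_t": local_nat or peer_nat}

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("a1a2a3a4a5a6a7a8")
INITIATOR = ("192.168.1.10", 500)    # private address behind a NAT box
NAT_PUBLIC = ("203.0.113.7", 1024)   # what the NAT box rewrites the source to
RESPONDER = ("198.51.100.20", 500)   # publicly reachable responder

if __name__ == "__main__":
    sent = build_nat_d(CKY_I, CKY_R, local=INITIATOR, remote=RESPONDER)
    print("through NAT:", detect_nat(CKY_I, CKY_R, sent, RESPONDER, NAT_PUBLIC))
    print("direct path:", detect_nat(CKY_I, CKY_R, sent, RESPONDER, INITIATOR))
```

A mismatch on either check is what tells the IKE responder that NAT is being performed and that the traversal protocol is needed for this peer.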
Send INITIAL-CONTACT notifications
Enables INITIAL-CONTACT notifications to be sent.
Send RESPONDER-LIFETIME notifications
Enables RESPONDER-LIFETIME notifications to be sent to the initiator. If an initiator requests an
IKE lifetime that is greater than the responder's, a notification will be sent and the initiator
should reduce its lifetime value accordingly.
Retain phase 1 SA after failed phase 2 negotiation
RSA private key file
The name of an X.509 certificate file holding the router’s private part of the public/private
key pair used in certificate exchanges. See ‘X.509 Certificates’ in the ‘IPsec and VPNs’
section for further explanation.
SA Removal Mode
Determines how IPsec and IKE SAs are removed.
‘Normal’ operation will not delete the IKE SA when all the IPsec SAs that were created by it
are removed and will not remove IPsec SAs when the IKE SA that was used to create them
is deleted.
‘Remove IKE SA when last IPSec SA removed’ will delete the IKE SA when all the IPsec SAs
that it created to a particular peer are removed.
‘Remove IPSec SAs when IKE SA removed’ will delete all IPsec SAs that have been created
by the IKE SA that has been removed.
‘Both’ will remove IPsec SAs when their IKE SA is deleted, and delete IKE SAs when their
IPsec SAs are removed.