User's guide

Stop IKE negotiation after n retransmissions
The maximum number of times that IKE will retransmit a negotiation frame as part of the
exchange before failing.
Stop IKE negotiation if no packet received for n seconds
The period of time in seconds after which the unit will stop the IKE negotiation when no
response to a negotiation packet has been received.
Enable Dead Peer Detection
Enables Dead Peer Detection. For more information, refer to the Configuration – Network
> IPsec > Dead Peer Detection (DPD) page.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is
behind a NAT box, some form of NAT traversal may be required before the IPsec tunnel can
pass packets. Turning NAT Traversal on enables the IKE protocol to discover whether or not
one or both ends of a tunnel are behind a NAT box, and implements a standard NAT traversal
protocol if NAT is being performed.
The version of NAT traversal supported is that described in the IETF draft
‘draft-ietf-ipsec-nat-t-ike-03.txt’.
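As an added illustration (not code from this guide or from the product), the sketch below shows the NAT discovery step: each peer sends NAT-D payloads containing HASH(CKY-I | CKY-R | IP | Port), as specified in RFC 3947, the RFC that followed this draft series, and the receiver compares them with the addresses it actually sees on the packet. SHA-1 as the negotiated hash, the cookies, the addresses and all function names are assumptions made for the example.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """Body of one NAT-D payload: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKE cookies are 8 octets each")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.new(algo, cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def detect_nat(cky_i, cky_r, nat_d, seen_src, seen_dst, algo="sha1"):
    """Receiver-side check of the NAT-D payloads carried in one IKE packet.

    nat_d[0] is the sender's hash of the destination it sent to (this end);
    nat_d[1:] are hashes of the sender's possible local address/port pairs.
    seen_src and seen_dst are the (ip, port) pairs read from the UDP packet.
    """
    if len(nat_d) < 2:
        raise ValueError("need a remote-end and at least one local-end NAT-D payload")
    # Sender addressed something other than what arrived here: this end is translated.
    local_nat = nat_d[0] != nat_d_hash(cky_i, cky_r, *seen_dst, algo)
    # Observed source matches none of the sender's own addresses: sender is translated.
    peer_nat = nat_d_hash(cky_i, cky_r, *seen_src, algo) not in nat_d[1:]
    return {"local_behind_nat": local_nat, "peer_behind_nat": peer_nat}

# Constructed sample values: documentation address ranges and made-up cookies.
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("a1a2a3a4a5a6a7a8")
INITIATOR = ("192.168.1.10", 500)   # initiator's own (private) address and port
RESPONDER = ("198.51.100.20", 500)

def initiator_payloads():
    """NAT-D payloads the initiator sends: remote end first, then its local end."""
    return [nat_d_hash(CKY_I, CKY_R, *RESPONDER), nat_d_hash(CKY_I, CKY_R, *INITIATOR)]

def responder_view(seen_src, seen_dst=RESPONDER):
    """What the responder concludes for a packet arriving from seen_src to seen_dst."""
    return detect_nat(CKY_I, CKY_R, initiator_payloads(), seen_src, seen_dst)

if __name__ == "__main__":
    print("direct path:", responder_view(INITIATOR))
    print("via NAT    :", responder_view(("203.0.113.5", 1027)))
```

When either flag is true, the peers move to the NAT traversal encapsulation; when both are false, IKE and IPsec continue unchanged.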
Send INITIAL-CONTACT notifications
Enables INITIAL-CONTACT notifications to be sent.
Retain phase 1 SA after failed phase 2 negotiation
Normally, IKE removes the phase 1 SA if the phase 2 negotiation fails.
Enabling this parameter causes the router to retain the existing phase 1 SA and retry
phase 2.
RSA private key file
The name of an X.509 certificate file holding the router’s private part of the public/private
key pair used in certificate exchanges. See ‘X.509 Certificates’ in the ‘IPsec and VPNs’
section for further explanation.
SA Removal Mode
Determines how IPsec and IKE SAs are removed.
‘Normal’ operation will not delete the IKE SA when all the IPsec SAs that were created by it
are removed and will not remove IPsec SAs when the IKE SA that was used to create them
is deleted.
‘Remove IKE SA when last IPSec SA removed’ will delete the IKE SA when all the IPsec SAs
that it created to a particular peer are removed.
‘Remove IPSec SAs when IKE SA removed’ will delete all IPsec SAs that have been created
by the IKE SA that has been removed.
‘Both’ will remove IPsec SAs when their IKE SA is deleted, and delete IKE SAs when their
IPsec SAs are removed.
Related CLI Commands
Entity  Instance  Parameter  Values   Equivalent Web Parameter
ike     n         retranint  0 - 255  Retransmit a frame if no response after n seconds
ike     n         retran     0 - 9    Stop IKE negotiation after n retransmissions
ike     n         inactto    0 - 255  Stop IKE negotiation if no packet received for n seconds