User's guide

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|--------|----------|-----------|--------|--------------------------|
| ike | 0 | rencalgs | des, 3des, aes. Multiple algorithms can be specified in a comma-separated list. | Encryption |
| ike | 0 | keybits | 0, 128, 192, 256 | Encryption (Minimum AES Key length) |
| ike | 0 | rauthalgs | md5, sha1. Multiple algorithms can be specified in a comma-separated list. | Authentication |
| ike | 0 | rdhmingroup | 1, 2, 5 | MODP Group between x and y |
| ike | 0 | rdhmaxgroup | 1, 2, 5 | MODP Group between x and y |
| ike | 0 | ltime | 1 - 28800 | Renegotiate after h hrs m mins s secs. This CLI value is entered in seconds only. |
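As an added example (not part of the original guide or the vendor's own tooling), the following Python check audits a saved set of IKE responder settings against the documented values above and flags proposals a responder should not accept. The `ike 0 <parameter> <value>` line syntax and the `WEAK` list are assumptions made for this example.

```python
import re

# Documented values for each CLI parameter, taken from the table above.
ALLOWED = {
    "rencalgs": {"des", "3des", "aes"},
    "rauthalgs": {"md5", "sha1"},
    "keybits": {"0", "128", "192", "256"},
    "rdhmingroup": {"1", "2", "5"}, "rdhmaxgroup": {"1", "2", "5"},
}
# Editorial choice, not from the guide: single DES, MD5 and 768-bit MODP group 1.
WEAK = {"rencalgs": {"des"}, "rauthalgs": {"md5"}, "rdhmingroup": {"1"}}

def parse(text):
    """Return {param: [values]} from 'ike 0 <param> <values>' lines (assumed syntax)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*ike\s+0\s+(\w+)\s+"?([^"#]*)"?', line)
        if m:
            cfg[m.group(1)] = [v.strip().lower() for v in m.group(2).split(",") if v.strip()]
    return cfg

def audit(text):
    """Return a sorted list of (param, severity, message) findings."""
    cfg, out = parse(text), []
    for param, values in cfg.items():
        for v in values:
            if param in ALLOWED and v not in ALLOWED[param]:
                out.append((param, "invalid", f"{v!r} is not a documented value"))
            elif v in WEAK.get(param, ()):
                out.append((param, "weak", f"{param} permits {v}"))
    lt = (cfg.get("ltime") or [None])[0]
    if lt is not None and not (lt.isdigit() and 1 <= int(lt) <= 28800):
        out.append(("ltime", "invalid", f"{lt!r} is outside 1-28800 seconds"))
    lo, hi = cfg.get("rdhmingroup"), cfg.get("rdhmaxgroup")
    if lo and hi and lo[0].isdigit() and hi[0].isdigit() and int(lo[0]) > int(hi[0]):
        out.append(("rdhmingroup", "invalid", "minimum group exceeds rdhmaxgroup"))
    return sorted(out)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ike 0 rencalgs des,3des,aes
ike 0 keybits 128
ike 0 rauthalgs md5,sha1
ike 0 rdhmingroup 1
ike 0 rdhmaxgroup 5
ike 0 ltime 86400
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```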
Advanced
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKE > IKE Responder > Advanced
Stop IKE negotiation if no packet received for n seconds
The period of time in seconds after which the unit will stop the IKE negotiation when no
response to a negotiation packet has been received.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is
behind a NAT box, some form of NAT traversal may be required before the IPsec tunnel can
pass packets. Turning NAT Traversal on enables the IKE protocol to discover whether or not
one or both ends of a tunnel is behind a NAT box, and implements a standard NAT traversal
protocol if NAT is not being performed.
The version of NAT traversal supported is that described in the IETF draft ‘draft-ietf-ipsec-nat-t-ike-03.txt’.
Send INITIAL-CONTACT notifications
Enables INITIAL-CONTACT notifications to be sent.
Send RESPONDER-LIFETIME notifications
Enables RESPONDER-LIFETIME notifications to be sent to the initiator. If an initiator requests an
IKE lifetime that is greater than the responder's, a notification will be sent and the initiator
should reduce its lifetime value accordingly.
Retain phase 1 SA after failed phase 2 negotiation
RSA private key file
The name of an X.509 certificate file holding the router’s private part of the public/private
key pair used in certificate exchanges. See ‘X.509 Certificates’ in the ‘IPsec and VPNs’
section for further explanation.