User's guide
Related CLI Commands

Entity  Instance  Parameter    Values          Equivalent Web Parameter
------  --------  -----------  --------------  ------------------------------------
ike2    0         rencalgs     des, 3des, aes  Encryption
ike2    0         renckeybits  128, 192, 256   Encryption (Minimum AES key length)
ike2    0         rauthalgs    md5, sha1       Authentication
ike2    0         rprfalgs     md5, sha1       PRF Algorithm
ike2    0         rdhmingroup  1, 2, 5         MODP Group between x and y
ike2    0         rdhmaxgroup  1, 2, 5         MODP Group between x and y
ike2    0         ltime        1 - 28800       Renegotiate after h hrs m mins s secs.
                                               This CLI value is entered in seconds only.
ike2    0         rekeyltime   1 - 28800       Rekey after h hrs m mins s secs.
                                               This CLI value is entered in seconds only.
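
As an added example (not part of the original guide), the following Python script audits saved CLI settings for the IKEv2 responder parameters listed above. It assumes one setting per line in the form "ike2 <instance> <parameter> <value>" with comma-separated lists for multi-value parameters; the policy it applies (reject DES, MD5 and MODP groups below 5) is this example's own choice, and SAMPLE is a constructed configuration.

```python
import shlex

# Policy assumed for this example: reject DES, MD5 and MODP groups below 5.
WEAK_ALGS = {"rencalgs": {"des"}, "rauthalgs": {"md5"}, "rprfalgs": {"md5"}}
MIN_DH_GROUP = 5                  # groups 1 and 2 are 768-bit and 1024-bit MODP
AES_KEY_BITS = {128, 192, 256}    # values the table lists for renckeybits
LIFETIME_RANGE = range(1, 28801)  # seconds, as listed for ltime / rekeyltime


def audit(config_text):
    """Return (line_number, parameter, problem) for each risky or invalid setting."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = shlex.split(raw, comments=True)  # handles quoted lists, # comments
        if len(parts) != 4 or parts[0] != "ike2":
            continue
        param, value = parts[2], parts[3]
        if param in WEAK_ALGS:
            offered = {v.strip().lower() for v in value.split(",")}
            for alg in sorted(offered & WEAK_ALGS[param]):
                findings.append((lineno, param, f"weak algorithm accepted: {alg}"))
        elif param in ("rdhmingroup", "rdhmaxgroup"):
            if not value.isdigit() or int(value) < MIN_DH_GROUP:
                findings.append((lineno, param, f"MODP group {value} below {MIN_DH_GROUP}"))
        elif param == "renckeybits":
            if not value.isdigit() or int(value) not in AES_KEY_BITS:
                findings.append((lineno, param, f"invalid AES key length {value}"))
        elif param in ("ltime", "rekeyltime"):
            if not value.isdigit() or int(value) not in LIFETIME_RANGE:
                findings.append((lineno, param, f"lifetime {value} outside 1-28800 seconds"))
    return findings


# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ike2 0 rencalgs "des,3des,aes"
ike2 0 renckeybits 128
ike2 0 rauthalgs sha1
ike2 0 rprfalgs md5
ike2 0 rdhmingroup 1
ike2 0 rdhmaxgroup 5
ike2 0 ltime 86400
ike2 0 rekeyltime 3600
"""

if __name__ == "__main__":
    for lineno, param, problem in audit(SAMPLE):
        print(f"line {lineno}: {param}: {problem}")
```
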
Advanced
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 Responder > Advanced
Stop IKE negotiation if no packet received for n seconds
The period of time in seconds after which the unit will stop the IKEv2 negotiation when no
response to a negotiation packet has been received.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is
behind a NAT box, some form of NAT traversal may be required before the IPsec tunnel can
pass packets. Turning NAT Traversal on enables the IKE protocol to discover whether or not
one or both ends of a tunnel is behind a NAT box, and implements a standard NAT traversal
protocol if NAT is not being performed.
The version of NAT traversal supported is that described in the IETF draft
‘draft-ietf-ipsec-nat-t-ike-03.txt’.
NAT traversal keep-alive interval n seconds
The interval, in seconds, at which NAT Traversal keepalive packets are sent to a NAT
device to prevent the NAT table entry from expiring.
RSA private key file
The name of an X.509 certificate file holding the router’s private part of the public/private
key pair used in certificate exchanges. See ‘X.509 Certificates’ in the ‘IPsec and VPNs’
section for further explanation.
Related CLI Commands

Entity  Instance  Parameter  Values   Equivalent Web Parameter
------  --------  ---------  -------  --------------------------------------------------------
ike2    0         inactto    0 - 255  Stop IKE negotiation if no packet received for n seconds