User manual
25: Dynamic Multipoint Virtual Private Network (DMVPN)
_______________________________________________________________________________________________________
encAlgo-authAlgo-PFSGroup
encAlgo: 3des, aes, serpent,
twofish, blowfish
authAlgo: md5, sha, sha2
DHGroup: modp1024,
modp1536, modp2048,
modp3072, modp4096,
modp6144, modp8192
For example: aes128-sha1-
modp1536.
If no DH group is defined then
PFS is disabled.
WAN interface
Dropdown
Menu
Yes None
Defines the WAN interface used by
this tunnel.
IKE life time Integer Yes 3h
Specifies how long the keying
channel of a connection (ISAKMP or
IKE SA) should last before being
renegotiated. Syntax: timespec: 1d,
2h, 25m, 10s.
Key life Integer Yes 1h
Specifies how long a particular
instance of a connection, a set of
encryption/authentication keys for
user packets, should last, from
successful negotiation to expiry.
Normally, the connection is
renegotiated, via the keying
channel, before it expires (see
rekeymargin).
Syntax: timespec: 1d, 2h, 25m,
10s.
Rekey margin Integer Yes 9m
Margintime. Defines how long before
a connection expiry or keying-
channel expiry should begin to
attempt to negotiate a replacement.
Keyring tries String Yes 3
Specifies how many attempts a
positive integer or %forever should
be made to negotiate a connection,
or a replacement for one, before
giving up. The value %forever
means ‘never give up’. It is only
relevant locally; the other end does
not need to agree on it.
DPD Action
Dropdown
Menu
Yes None
Valid values are none, clear, hold
and restart.
None Disables dead peer
detection.
Clear Clears down the tunnel
if a peer does not
respond. Reconnects
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 170 of 255