Configuring Virtual Private Networks (VPNs) and Security
Configuring Advanced VPN Parameters
Cisco RV220W Administration Guide
• Authentication Algorithm—Specify the authentication algorithm for the VPN header:
  - MD5
  - SHA-1
  - SHA2-256
  - SHA2-384
  - SHA2-512
  Ensure that the authentication algorithm is configured identically on both sides.
• Authentication Method—Choose one of the following options:
  - Pre-Shared Key—Choose this option for a simple password-based key that is shared with the IKE peer. Then enter the key in the space provided. Note that the double-quote character (") is not supported in the pre-shared key.
  - RSA-Signature—Choose this option to disable the pre-shared key text field and use the Active Self Certificate that was uploaded on the Security > SSL Certificate page. A certificate must be configured in order for RSA-Signature to work.
• Diffie-Hellman (DH) Group—Specify the DH Group algorithm, which is used when exchanging keys. The DH Group sets the strength of the algorithm in bits. Ensure that the DH Group is configured identically on both sides of the IKE policy.
• SA Lifetime—Enter the interval, in seconds, after which the Security Association becomes invalid.
• Dead Peer Detection—Check the Enable box to enable this feature, or uncheck the box to disable it. Dead Peer Detection (DPD) is used to detect whether the peer is alive or not. If the peer is detected as dead, the router deletes the IPsec and IKE Security Association. If you enable this feature, also enter these settings:
  - Detection Period—Enter the interval, in seconds, between consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the IPsec traffic is idle.
  - Reconnect after Failure Count—Enter the maximum number of DPD failures allowed before tearing down the connection.
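
The requirements above can be checked before a tunnel is brought up. The following Python sketch is an added example, not part of the Cisco guide or the router's software: the IkePolicy record, its field names, and the sample values (including the DH group labels) are hypothetical and stand for settings written down by hand from each side's configuration page.

```python
from dataclasses import dataclass
from typing import List, Optional

AUTH_ALGORITHMS = {"MD5", "SHA-1", "SHA2-256", "SHA2-384", "SHA2-512"}  # list from this page

@dataclass
class IkePolicy:  # hypothetical record of one side's advanced settings
    auth_algorithm: str
    auth_method: str                      # "Pre-Shared Key" or "RSA-Signature"
    dh_group: str
    sa_lifetime: int                      # seconds
    pre_shared_key: Optional[str] = None
    has_active_self_cert: bool = False    # certificate uploaded on the SSL Certificate page
    dpd_enabled: bool = False
    dpd_period: Optional[int] = None      # Detection Period, seconds
    dpd_failures: Optional[int] = None    # Reconnect after Failure Count

def check_side(name: str, p: IkePolicy) -> List[str]:
    """Checks that need only one side's settings."""
    out = []
    if p.auth_algorithm not in AUTH_ALGORITHMS:
        out.append(f"{name}: unknown authentication algorithm {p.auth_algorithm!r}")
    if p.auth_method == "Pre-Shared Key":
        if not p.pre_shared_key:
            out.append(f"{name}: Pre-Shared Key selected but no key entered")
        elif '"' in p.pre_shared_key:
            out.append(f"{name}: pre-shared key contains an unsupported double quote")
    elif p.auth_method == "RSA-Signature":
        if not p.has_active_self_cert:
            out.append(f"{name}: RSA-Signature needs an Active Self Certificate")
    else:
        out.append(f"{name}: unknown authentication method {p.auth_method!r}")
    if p.dpd_enabled and (not p.dpd_period or not p.dpd_failures):
        out.append(f"{name}: DPD enabled without Detection Period and Failure Count")
    return out

def check_pair(local: IkePolicy, peer: IkePolicy) -> List[str]:
    """Per-side checks plus the settings that must be identical on both sides."""
    out = check_side("local", local) + check_side("peer", peer)
    for attr, label in (("auth_algorithm", "Authentication Algorithm"), ("dh_group", "DH Group")):
        a, b = getattr(local, attr), getattr(peer, attr)
        if a != b:
            out.append(f"mismatch: {label} is {a} locally but {b} on the peer")
    return out

# Constructed sample values, not taken from a real device.
LOCAL = IkePolicy("SHA2-256", "Pre-Shared Key", "Group 5", 28800,
                  pre_shared_key='office"key', dpd_enabled=True, dpd_period=10)
PEER = IkePolicy("SHA-1", "RSA-Signature", "Group 5", 28800)
```

Calling check_pair(LOCAL, PEER) on the constructed samples reports four problems: the quoted key, the incomplete DPD settings, the missing certificate, and the algorithm mismatch.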