Operation Manual

Perfect Forward Secrecy (PFS): Enabling this feature will require IKE to generate a new set of keys in phase 2 rather
than using the same key generated in phase 1. Additionally, with this option enabled the new keys generated in phase 2
are exchanged in an encrypted session. Enabling this feature affords the policy greater security.
Key Lifetime: The lifetime of the generated keys of phase 2 of the IPsec negotiation from IKE. After the time has
expired, IKE will renegotiate a new set of phase 2 keys.
Phase 2 has the same selection of Encryption, Hash, and DH Groups as phase 1, but you are restricted to only one
DH Group. Phase 2 and phase 1 selections do not have to match.
Add/Edit Tunnel – Dead Peer Detection
Dead Peer Detection (DPD) defines how the router will detect when one end of the IPsec session loses connection
while a policy is in use.
Connection Idle Time: Configure how long the router will allow an IPsec session to be idle before beginning to send
Dead Peer Detection (DPD) packets to the peer machine. (Default: 30 seconds. Range: 10 – 3600 seconds.)
Request Frequency: Adjust the delay between these DPD packets. (Default: 15 seconds. Range: 2 – 30 seconds.)
Maximum Requests: Specify how many requests to send at the selected time interval before the tunnel is considered
dead. (Default: 5. Range: 2 – 10.)
Failback Retry Period: If you have VPN tunnel failover/failback enabled (see below), set the time period between each
check on the primary network after failover. (Default: 10 seconds. Range: 5 – 60 seconds.)
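The three DPD settings above interact: no probe is sent until the session has been idle for the Connection Idle Time, probes then repeat every Request Frequency seconds, and the tunnel is declared dead once Maximum Requests have gone unanswered. The following simulator is an added example, not part of this manual or the router's firmware; it assumes that any packet received from the peer (including a reply to a DPD request) resets the idle timer, and that the tunnel is declared dead one Request Frequency interval after the last unanswered probe. Sample peer traffic timestamps are constructed.

```python
"""Simulate IPsec Dead Peer Detection timing for a given set of DPD settings.

Added example (not the manual's or the router's code). Assumptions:
  * any packet from the peer resets the idle timer and clears outstanding probes;
  * the tunnel is declared dead one Request Frequency after the last unanswered probe.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class DpdConfig:
    idle_time: float = 30.0          # Connection Idle Time, seconds (range 10 - 3600)
    request_frequency: float = 15.0  # Request Frequency, seconds (range 2 - 30)
    max_requests: int = 5            # Maximum Requests (range 2 - 10)

    def validate(self) -> None:
        """Enforce the ranges the manual states for each setting."""
        if not 10 <= self.idle_time <= 3600:
            raise ValueError("Connection Idle Time must be 10 - 3600 seconds")
        if not 2 <= self.request_frequency <= 30:
            raise ValueError("Request Frequency must be 2 - 30 seconds")
        if not 2 <= self.max_requests <= 10:
            raise ValueError("Maximum Requests must be 2 - 10")


def worst_case_detection_time(cfg: DpdConfig) -> float:
    """Seconds from the last peer packet until the tunnel is declared dead."""
    return cfg.idle_time + cfg.max_requests * cfg.request_frequency


def simulate_dpd(cfg: DpdConfig, peer_rx_times: List[float],
                 horizon: float) -> Tuple[List[Tuple[float, str]], Optional[float]]:
    """Run DPD from t=0 (session established) until `horizon` seconds.

    peer_rx_times: times at which any packet arrives from the peer (constructed input).
    Returns (event log, time the tunnel was declared dead, or None if still alive).
    """
    cfg.validate()
    rx = sorted(peer_rx_times)
    i = 0
    last_rx = 0.0          # session start counts as the last activity
    probes_sent = 0
    last_probe = 0.0
    log: List[Tuple[float, str]] = []

    while True:
        next_rx = rx[i] if i < len(rx) else None
        # Next probe: after the idle period if none outstanding, else after the retry delay.
        if probes_sent == 0:
            next_probe = last_rx + cfg.idle_time
        else:
            next_probe = last_probe + cfg.request_frequency

        if next_rx is not None and next_rx <= next_probe:
            # Peer traffic proves liveness: reset idle timer and outstanding probes.
            if next_rx > horizon:
                return log, None
            last_rx, probes_sent = next_rx, 0
            log.append((next_rx, "peer packet received; DPD reset"))
            i += 1
            continue

        if next_probe > horizon:
            return log, None
        if probes_sent == cfg.max_requests:
            # All allowed requests sent, none answered within the retry delay.
            log.append((next_probe, "tunnel declared dead"))
            return log, next_probe
        probes_sent += 1
        last_probe = next_probe
        log.append((next_probe, f"DPD request {probes_sent}/{cfg.max_requests}"))


if __name__ == "__main__":
    cfg = DpdConfig()  # manual defaults: 30 s idle, 15 s frequency, 5 requests
    # Constructed scenario: the peer answers the first probe at t=40, then goes silent.
    events, dead_at = simulate_dpd(cfg, [40.0], horizon=600)
    for t, what in events:
        print(f"t={t:6.1f}s  {what}")
    print("declared dead at:", dead_at)
    print("worst-case detection time after last packet:", worst_case_detection_time(cfg))
```

With the defaults a peer that falls silent is declared dead 105 seconds after its last packet (30 s idle plus five 15 s probe intervals); lowering the idle time or request count shortens detection but increases probe traffic and the chance of a false failover on a lossy link.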