Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
121122123124125126127128129130
112
Item Descri
p
tion
SA Lifetime
Enter the ISAKMP SA lifetime of the IKE proposal.
Before an SA expires, IKE negotiates a new SA. As soon as the new SA is set up, it takes
effect immediately and the old one will be cleared automatically when it expires.
IMPORTANT:
If the SA lifetime expires, the system automatically updates the ISAKMP SA. DH calculation
in IKE negotiation takes time, especially on low-end devices. Set the lifetime greater than 10
minutes to prevent the SA update from influencing normal communication.
172BConfiguring IKE DPD
1. Select VPN > IKE > DPD from the navigation tree to display existing DPD detectors.
Figure 78 DPD detector list
2. Click Add to enter the DPD configuration page.
Figure 79 Adding an IKE DPD detector
3. Configure the IKE DPD parameters, as described in 732HTable 7.
4. Click Apply.
Table 7 Configuration items
Item Descri
p
tion
DPD Name Enter a name for the IKE DPD.
DPD Query Triggering Interval
Enter the interval after which DPD is triggered if no IPsec protected packets is
received from the peer.
DPD Packet Retransmission
Interval
Enter the interval after which DPD packet retransmission will occur if no DPD
response is received.
173BConfiguring an IKE peer
1. Select VPN > IKE > Peer from the navigation tree to display existing IKE peers.