R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
18
Figure 14 IKE global configuration page
Table 4 Global IKE configuration items
Item Descri
p
tion
IKE Local Name
Type a name for the local security gateway.
If the local device acts as the IKE negotiation initiator and uses the security gateway name
for IKE negotiation, you must configure this argument on the local device. Then, the local
device sends its gateway name as identification to its peer and the peer uses the locally
configured remote gateway name to authenticate the local device. Therefore, make sure
that the local gateway name configured here is identical to the remote gateway name
configured on its peer.
By default, the device name is used as the local gateway name.
NAT Keepalive
Interval
Set the interval at which the ISAKMP SA sends NAT keepalive packets to its peer.
NAT mappings on a NAT gateway may get aged. If no packet traverses an IPsec tunnel
in a certain period of time, the NAT mapping will be deleted, disabling the tunnel beyond
the NAT gateway from transferring data. To prevent NAT mappings from being aged, an
ISAKMP SA sends to its peer NAT keepalive packets at a certain interval to keep the NAT
session alive.
Return to IKE configuration task list.
Configuring an IKE proposal
Select VPN > IKE > Proposal from the navigation tree to display existing IKE proposals, as shown
in Figure 15. T
hen, click Add to configure an IKE proposal, as shown in Figure 16.
Figure 15 IKE proposal list