Manualshelf

R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
20
Item Descri
p
tion
SA Lifetime
Type the ISAKMP SA lifetime of the IKE proposal.
Before an SA expires, IKE negotiates a new SA. As soon as the new SA is set up, it takes
effect immediately and the old one will be cleared automatically when it expires.
IMPORTANT:
If the SA lifetime expires, the system automatically updates the ISAKMP SA. DH calculation
in IKE negotiation takes time, especially on low-end devices. Set the lifetime greater than 10
minutes to prevent the SA update from influencing normal communication.
Return to IKE configuration task list.
Configuring IKE DPD
Select VPN > IKE > DPD from the navigation tree to display existing DPDs, as shown in Figure 17. Then,
click Add to add an IKE DPD, as shown in Figure 18.
Figure 17 DPD list
Figure 18 Add an IKE DPD
Table 6 IKE DPD configuration items
Item Descri
p
tion
DPD Name Type a name for the IKE DPD.
DPD Query
Triggering Interval
Type the interval after which DPD is triggered if no IPsec protected packets is received
from the peer.
DPD Packet
Retransmission
Interval
Type the interval after which DPD packet retransmission will occur if no DPD response is
received.
Return to IKE configuration task list.