HP VPN Firewall Appliances VPN Configuration Guide

Item Description
SA Lifetime: Enter the ISAKMP SA lifetime of the IKE proposal.
Before an SA expires, IKE negotiates a new SA. The new SA takes effect as soon as it is
set up, and the old SA is cleared automatically when it expires.
IMPORTANT:
If the SA lifetime expires, the system automatically updates the ISAKMP SA. DH calculation
in IKE negotiation takes time, especially on low-end devices. Set the lifetime to more than 10
minutes to prevent the SA update from affecting communication.
Configuring IKE DPD
1. Select VPN > IKE > DPD from the navigation tree to display existing DPD detectors.
Figure 78 DPD detector list
2. Click Add to enter the DPD configuration page.
Figure 79 Adding an IKE DPD detector
3. Configure the IKE DPD parameters, as described in Table 7.
4. Click Apply.
Table 7 Configuration items
Item Description
DPD Name: Enter a name for the IKE DPD.
DPD Query Triggering Interval: Enter the interval after which DPD is triggered if no
IPsec-protected packets are received from the peer.
DPD Packet Retransmission Interval: Enter the interval after which a DPD packet is
retransmitted if no DPD response is received.
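
How the two timers in Table 7 interact, as an added example that is not part of the original guide or HP's code. The retry limit max_retransmits, the names used, the sample timelines, and the rule that any inbound IPsec-protected packet or DPD response counts as proof of liveness are assumptions; the guide does not state how many retransmissions occur before the peer is declared dead.

```python
from dataclasses import dataclass

@dataclass
class DpdDetector:
    trigger_interval: int     # DPD Query Triggering Interval (seconds)
    retransmit_interval: int  # DPD Packet Retransmission Interval (seconds)
    max_retransmits: int = 2  # ASSUMPTION: retry limit, not given in the guide

def simulate(det, inbound_times, response_times, end_time):
    """Replay a constructed timeline in 1-second steps.

    inbound_times:  arrival times of IPsec-protected packets from the peer
    response_times: arrival times of DPD responses from the peer
    Returns a list of (time, event) tuples.
    """
    inbound, responses = set(inbound_times), set(response_times)
    events = []
    last_rx = 0            # last time the peer was heard from
    query_sent_at = None   # time of the outstanding DPD query, if any
    sent = 0               # queries sent in the current detection round
    for t in range(1, end_time + 1):
        if t in inbound or t in responses:
            # ASSUMPTION: either kind of traffic proves the peer is alive.
            if query_sent_at is not None and t in responses:
                events.append((t, "peer-alive"))
            last_rx, query_sent_at, sent = t, None, 0
            continue
        if query_sent_at is None:
            # No inbound traffic for the triggering interval: start DPD.
            if t - last_rx >= det.trigger_interval:
                events.append((t, "dpd-query"))
                query_sent_at, sent = t, 1
        elif t - query_sent_at >= det.retransmit_interval:
            # No response within the retransmission interval.
            if sent > det.max_retransmits:
                events.append((t, "peer-dead"))
                return events
            events.append((t, "dpd-retransmit"))
            query_sent_at, sent = t, sent + 1
    return events

if __name__ == "__main__":
    det = DpdDetector(trigger_interval=10, retransmit_interval=5)
    # Constructed timeline: one inbound packet at t=3, then silence.
    for when, what in simulate(det, [3], [], 60):
        print(f"t={when:>3}s  {what}")
```

With these sample values a silent peer is declared dead 25 seconds after its last packet: the triggering interval plus one retransmission interval for each query sent.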