Filter
Top Products
B-45
User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
• Configuring VPN Global Settings, page 9-73
Field Reference
Table B-16 VPN Global Settings Page > ISAKMP/IPSec Settings Tab
Element Description
ISAKMP Settings
Enable Keepalive Enable—When selected, enables you to configure IKE keepalive as
the default failover and routing mechanism.
Note IKE keepalive is defined on the spokes in a hub-and-spoke
VPN topology, or on both devices in a point-to-point VPN
topology.
Interval The number of seconds that a device waits between sending IKE
keepalive packets. The default is 10 seconds.
Retry The number of seconds a device waits between attempts to establish
an IKE connection with the remote peer. The default is 2 seconds.
Periodic Available only if Enable Keepalive is selected, and supported on
routers running IOS version 12.3(7)T and later, except 7600
devices.
When selected, enables you to send dead-peer detection (DPD)
keepalive messages even if there is no outbound traffic to be sent.
Usually, DPD keepalive messages are sent between peer devices
only when no incoming traffic is received but outbound traffic needs
to be sent.
For more information, see About IKE Keepalive, page 9-69.
Identity During Phase I IKE negotiations, peers must identify themselves to
each other.
Select to use the IP address or the hostname of the device that it will
use to identify itself in IKE negotiations. You can also select to use
a Distinguished Name (DN) to identify a user group name.