[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring VPN Global Settings (Standard VPNs)

Global VPN settings help you monitor and maintain the efficient operation of your VPN. The following example-based instructions show how to configure global IPsec VPN settings.

Before You Begin
For background information, read Virtual Private Networks (VPNs) Overview. Understanding IKE and IPsec Packet Processing. Configuring an IPsec Tunnel—Overview

Before You Begin

For background information, read

Peers in a Security Association (SA) can become unsynchronized when one of the peers fails, for example, and reboots, causing it to send an incorrect SPI. You enable the device to detect such an event and resynchronize the peers by configuring the bad SPI response feature, and VPN monitoring.

In this example, you configure the device to detect and respond five times to a bad IPsec SPI before deleting the SA and initiating a new one. You also configure the device to monitor the VPN by sending Internet Control Message Protocol (ICMP) requests to the peer every 15 seconds, and to declare the peer unreachable after 15 unsuccessful pings.

To configure VPN global settings, use either the J-Web or the CLI configuration editor. (For information about configuring global settings using J-Web Quick Configuration pages, see Configuring VPN Global Settings—Quick Configuration (Standard VPNs).)

This topic covers:

J-Web Configuration

To configure global VPN settings in J-Web:

In the J-Web user interface, select Configuration > View and Edit > Edit Configuration > Security > IKE.
Check the Respond Bad SPI check box, then click Configure.
Enter a value in the Max responses field.
Click one of the following buttons:
- To apply the configuration and return to the main Configuration page, click OK.
- To apply the configuration, click Commit.
- To cancel your entries and return to the main page, click Cancel.
Select Configuration > View and Edit > Edit Configuration > Security > IPsec.
Check the VPN monitor options check box, and then click Configure.
Enter a value in the Interval field.
Enter a value in the Threshold field.
Click one of the following buttons:
- To apply the configuration and return to the main Configuration page, click OK.
- To apply the configuration, click Commit.
- To cancel your entries and return to the main page, click Cancel.

CLI Configuration

To configure global VPN settings in the CLI editor:


            
               user@host# set security ike respond-bad-spi
                     5
               user@host# set security ipsec vpn-monitor-options
                     interval 15 threshold 15

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]