Netgear UTM25 – ProSECURE Unified Threat Management (UTM) Appliance User Manual
Configure VPN Tunnels
41
NETGEAR ProSAFE VPN Client
•
Encryption (IPSec) Default. The default lifetime value is 1200 seconds. Change this
setting to 3600 seconds to match the configuration of the VPN router.
setting to 3600 seconds to match the configuration of the VPN router.
4.
Select or clear the Dead Peer Detection check box.
Dead Peer Detection (DPD) is an Internet Key Exchange (IKE) extension (RFC3706) for
detecting a dead IKE peer. This check box is selected by default. To disable DPD, clear
the check box.
detecting a dead IKE peer. This check box is selected by default. To disable DPD, clear
the check box.
The IPSec VPN Client uses DPD under the following circumstances:
•
To detect a dead peer and to delete the associated open SA in the VPN Client.
•
To restart IKE negotiations with an alternate gateway, if you configured one (see
5.
To specify the number of retransmissions, enter a value in the Retransmissions field.
6.
To specify the XAUTH time-out, enter a value in the X-Auth Timeout field.
7.
To specify the default UDP port that is used in the IKE negotiation during the authentication
phase, enter the port in the IKE Port field.
phase, enter the port in the IKE Port field.
The default port is 500, which is not displayed in the IKE Port field.
Note:
Some firewalls do not allow IKE port 500, or outgoing traffic on port 500
might not be allowed. If you change the IKE port number, the remote
gateway must be able to reroute the incoming traffic that is associated
with a port other than IKE port
might not be allowed. If you change the IKE port number, the remote
gateway must be able to reroute the incoming traffic that is associated
with a port other than IKE port
500.
8.
To specify the default NAT port that is used during the IPSec negotiation, enter a value in the
NAT Port field.
NAT Port field.
The default port is 4500, which is not displayed in the NAT Port field.
Note:
Some firewalls do not allow NAT port 4500, or outgoing traffic on port
4500 might not be allowed. If you change the NAT port number, the
remote gateway must be able to reroute the incoming traffic that is
associated with a port other than NAT port
4500 might not be allowed. If you change the NAT port number, the
remote gateway must be able to reroute the incoming traffic that is
associated with a port other than NAT port
4500.
9.
Select or clear the Disable Split Tunnelling check box.
Selecting this check box limits traffic to encrypted traffic and forces all traffic to go through
the VPN tunnel.
the VPN tunnel.
10.
Select Configuration > Save or press Ctrl + S.
Your settings are saved.
Open and Close VPN Tunnels
You can open a tunnel only after you specify its VPN configuration.
For information about how to open tunnels automatically, see
45.