Virtual Private Networking Using IPSec and L2TP Connections
261
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
4. Enter the settings as explained in the following table:
5. Click App
ly to save your settings.
Configure Dead Peer Detection
The Dead Peer Detection (DPD) feature lets the VPN firewall maintain the IKE SA by
exchanging periodic messages with the remote VPN peer.
To configure DPD on a configured IKE policy:
1. Select VPN > IPSec VPN. The IPSec VPN sub
menu tabs display with the IKE Policies
screen for IPv4 in view (see Figure 154 on p
age 226).
2. S
pecify the IP version for which you want to edit an IKE policy:
• IP
v4. In the upper right of the screen, the IPv4 radio button is already selected by
default. Go to Step 3.
• IP
v6. Select the IPv6 radio button. The IKE Policies screen for IPv6 displays.
3. In the List of IKE Policies t
able, click the Edit table button to the right of the IKE policy that
you want to edit. The Edit IKE Policy screen displays. (The following figure shows only the
IKE SA Parameters section of the screen).
Table 63. Keep-alive settings
Setting Description
General
Enable Keepalive Select the Yes radio button to enable the keep-alive feature. Periodically, the
VPN firewall sends keep-alive requests (ping packets) to the remote endpoint to
keep the tunnel alive. You need to specify the ping IP address in the Ping IP
Address field, the detection period in the Detection Period field, and the
maximum number of keep-alive requests that the VPN firewall sends in the
Reconnect after failure count field.
Ping IP Address The IP address that the VPN firewall pings. The address
shou
ld be of a host that can respond to ICMP ping requests.
Detection Period The period in seconds between the keep-alive requests. The
defau
lt setting is 10 seconds.
Reconnect after
failu
re count
The maximum number of keep-alive requests before the VPN
firewall tears down the connection and then attempts to
reconnect to the remote endpoint. The default setting is
3 keep-alive requests.