Page 61
aliveness
3.
DPD (RFC 3706)
– Uses a bi-directional (
‘HELLO/ACK’
) message
to determine connection aliveness.
Check After Idle
– Indicates the time period in which no traffic
passes - a
Detection
packet is sent to the peer.
Retry Times
– The number of times a device will attempt to send the
Detection packet before the
Check After Idle
time expires.
Action
–
This will
execute one of the following actions after the
Detection is determined:
Failover
- ignores the dead tunnel.
Remove Tunnel
- disconnects the dead tunnel.
Keep Tunnel Alive
- attempts to keep the tunnel alive.
Logging
– If set to Enable, all DPD activity of will show up in the
VPN log.
NAT Traversal Feature
NAT Traversal (NAT-T)
– NAT Traversal is a VPN Gateway feature
that circumvents IPSec NATing problems. It is a more effective
solution than IPSec Passthrough. If you enable the checkbox it will
turn on NAT-T mechanism. By default is
“Disable”.
Keep Alive Interval
– It is usually necessary for the IPSec to send
periodic keep-alive packets, so that the NAT mapping does not
change until the phase1 and phase2 SAs expire. By default is
“0”
second mean always keep alive.
UDP Checksum
– All UDP packets contain a UDP checksum, a
calculated value that ensures UDP packets are free of transmission
errors. The device (Multi-WAN router) does not require use of UDP
checksum for NAT-T. Therefore, the checkbox keep it always
“Disable”.