Virtual Private Networking Using IPSec, PPTP, or L2TP Connections
305
ProSecure Unified Threat Management (UTM) Appliance
Enable Keepalive
Note: See also
Configure Keep-Alives
and Dead Peer
Detection on page 328.
Select a radio button to specify if keep-alive is enabled:
• Yes. This feature is enabled: Periodically, the UTM sends keep-alive
requests (ping packets) to the remote endpoint to keep the tunnel alive. You
need to specify the ping IP address in the Ping IP Address field, the
detection period in the Detection Period field, and the maximum number of
keep-alive requests that the UTM sends in the Reconnect after failure count
field.
• No. This feature is disabled. This is the default setting.
Ping IP Address The IP address that the UTM pings. The address needs to
be of a host that can respond to ICMP ping requests.
Detection Period The period in seconds between the keep-alive requests. The
default setting is 10 seconds.
Reconnect after
failure count
The maximum number of keep-alive requests before the
UTM tears down the connection and then attempts to
reconnect to the remote endpoint. The default setting is
3 keep-alive requests.
Traffic Selection
Local IP From the drop-down list, select the address or addresses that are part of the
VPN tunnel on the UTM:
• Any. All computers and devices on the network.
• Single. A single IP address on the network. Enter the IP address in the Start
IP Address field.
• Range. A range of IP addresses on the network. Enter the starting IP
address in the Start IP Address field and the ending IP address in the End
IP Address field.
• Subnet. A subnet on the network. Enter the starting IP address in the Start
IP Address field and the subnet mask in the Subnet Mask field.
Note: You cannot select Any for both the UTM and the remote endpoint.
Remote IP From the drop-down list, select the address or addresses that are part of the
VPN tunnel on the remote endpoint. The selections are the same as for the
Local IP drop-down list.
Manual Policy Parameters
Note: These fields apply only when you select Manual Policy as the policy type. When you specify the
settings for the fields in this section, a security association (SA) is created.
SPI-Incoming The Security Parameters Index (SPI) for the inbound policy. Enter a
hexadecimal value between 3 and 8 characters (for example, 0x1234).
Table 74. Add New VPN Policy screen settings (continued)
Setting Description