Adjusting gateway settings for Secure SD-WAN Engines in existing VPNs
The Gateway Settings element defines performance-related VPN options for the Secure SD-WAN Engines.
The gateway settings are used internally and there is no need to match them exactly with settings of other gateways in VPNs.
Gateway setting | Description
---|---
MOBIKE Return Routability Check | MOBIKE (mobile IKE) return routability checks (RRC) can be used with IKEv2 to verify the validity of VPN client or gateway IP addresses if the IP address changes in the middle of an open VPN connection. The IP address is updated in the negotiated SAs when the new IP address has been verified. If the new IP address cannot be verified, the VPN connection is closed. By default, no return routability checks are done.
Negotiation Retry | If a negotiation for a VPN does not complete successfully, the VPN establishment is retried according to the settings in the Negotiation Retry section in the Gateway Settings properties. The default settings are the recommended values. VPN establishment might fail because you have frequent intermittent problems with network connectivity or because your network connection is too slow. In these cases, increasing the Negotiation Retry values might be a workaround for getting the VPN to establish.
Certificate Cache | The CRL Validity setting in the Certificate Cache section in the Gateway Settings properties has an effect only if you use certificates to authenticate VPN gateways in IKE negotiations. The default setting is the recommended value. We do not recommend adjusting this setting.
By default, all Secure SD-WAN Engines use the Gateway Default Settings Gateway Settings element. To customize the gateway settings, define a custom Gateway Settings element.
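The difference the MOBIKE Return Routability Check setting makes can be seen in a small model. This is an added example, not Forcepoint code: the classes, the cookie-echo probe, and the addresses are constructed for illustration, and the page does not describe how the engine performs the check internally.

```python
import secrets

class Network:
    """Constructed model: maps an IP to the host that really receives packets there."""
    def __init__(self):
        self.hosts = {}
    def send(self, ip, sa_id, cookie):
        host = self.hosts.get(ip)
        return host.on_probe(sa_id, cookie) if host else None  # None = no reply

class Peer:
    """VPN client or remote gateway; knows which SAs it is part of."""
    def __init__(self, sa_ids):
        self.sa_ids = set(sa_ids)
    def on_probe(self, sa_id, cookie):
        # Only an endpoint that belongs to the SA echoes the probe cookie.
        return cookie if sa_id in self.sa_ids else None

class Gateway:
    def __init__(self, net, rrc_enabled=False):  # per the page: no RRC by default
        self.net, self.rrc_enabled = net, rrc_enabled
        self.sas = {}  # sa_id -> current peer IP
    def address_update(self, sa_id, new_ip):
        """Handle a request to move an open SA to new_ip."""
        if sa_id not in self.sas:
            return "unknown-sa"
        if self.rrc_enabled:
            cookie = secrets.token_bytes(16)  # unpredictable probe value
            reply = self.net.send(new_ip, sa_id, cookie)
            if reply is None or not secrets.compare_digest(reply, cookie):
                del self.sas[sa_id]  # address not verified: close the connection
                return "closed"
        self.sas[sa_id] = new_ip  # verified (or unchecked): update the SA
        return "updated"

def demo():
    net = Network()
    net.hosts["198.51.100.7"] = Peer(["sa-1"])  # the client's real new address
    net.hosts["203.0.113.9"] = Peer([])         # unrelated host (constructed)
    results = {}
    for rrc in (False, True):
        for label, ip in (("real", "198.51.100.7"), ("bogus", "203.0.113.9")):
            gw = Gateway(net, rrc_enabled=rrc)
            gw.sas["sa-1"] = "192.0.2.10"  # address before the change
            results[(rrc, label)] = (gw.address_update("sa-1", ip), gw.sas.get("sa-1"))
    return results

if __name__ == "__main__":
    print(demo())
```

With the check disabled, the model accepts both address changes unverified; with it enabled, only the address where the peer actually answers is written into the SA.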