Watchguard Firebox SOHO 6 User Manual page 119

external IP address is dynamic, select Aggressive Mode. If the
external IP address is static, use either mode.
7 Select the Local ID type and the Remote ID type from the
drop-down list. These must match the settings used on the
remote gateway.
- If you select Main Mode, the Local ID type and the
Remote ID type must contain IP addresses.
- If you select Aggressive Mode, the Remote ID type may
be an IP address or a domain name. If your external IP
address is static, the Local ID type must be an IP address.
If your external IP address is dynamic, the Local ID type
may be either a domain name or an IP address.
8 From the Authentication Algorithm drop-down list, select the
type of authentication.
The options are MD5-HMAC (128-bit authentication) or SHA1-HMAC
(160-bit authentication).
9 From the Encryption Algorithm drop-down list, select the type
of encryption.
The options are DES-CBC or 3DES-CBC.
10 Type the number of kilobytes and the number of hours until
negotiation expiration in the applicable fields.
11 From the Diffie-Hellman Group drop-down list, select the
group number. WatchGuard supports group 1 and group 2.
Diffie-Hellman is a mathematical technique used to securely negotiate
secret keys through a public network. Diffie-Hellman groups are
collections of parameters used to achieve this. Group 2 is more secure
than group 1, but more time is required to calculate group 2 secret keys.
12 Select the Generate IKE Keep Alive Messages checkbox to
keep the VPN tunnel open when there is no communication.
Short packets are sent across the VPN tunnel at regular
User Guide
Setting Up Multiple SOHO 6 to SOHO 6 VPN Tunnels
97