Watchguard Firebox SOHO 6 User Manual page 120

Chapter 9: VPN—Virtual Private Networking
intervals to maintain the connection. If the tunnel connection
closes, the SOHO 6 does a rekey to open the tunnel again.
The Generate IKE Keep Alive Messages checkbox is selected in the default
configuration.
Use the default Phase 2 settings, or change the Phase 2 settings as
shown below:
Make sure that the Phase 2 settings are the same on both appliances.
13 From the Authentication Algorithm drop-down list, select the
type of authentication.
14 From the Encryption Algorithm drop-down list, select the type
of encryption.
15 Select the Enable Perfect Forward Secrecy checkbox, if
necessary.
When this option is selected, each new key that is negotiated is derived by
a new Diffie-Hellman exchange instead of from only one Diffie-Hellman
exchange. This option gives more security, but increases the time
necessary for the communication because of the additional exchange.
16 Type the number of kilobytes and the number of hours until
negotiation expiration in the applicable fields.
17 Type the IP address of the local network and the remote
network that must use Phase 2 negotiation.
18 Click Submit.
98
N
OTE
WatchGuard Firebox SOHO 6