Table of Contents
Advertisement
10. Click Proposals.
11. Under IKE (Phase 1) Proposal, select either Main Mode or Aggressive Mode from the Exchange
menu. Aggressive Mode is generally used when WAN addressing is dynamically assigned.
12. Under IKE (Phase 1) Proposal, the default values for DH Group, Encryption, Authentication, and
Life Time are acceptable for most VPN configurations. Be sure the Phase 1 values on the opposite
side of the tunnel are configured to match.
13. Under IPSec (Phase 2) Proposal, the default values for Protocol, Encryption, Authentication,
Enable Perfect Forward Secrecy, DH Group, and Lifetime are acceptable for most VPN SA
configurations. Be sure the Phase 2 values on the opposite side of the tunnel are configured to match.
14. Click Advanced.
15. Select Enable Keep Alive to use heartbeat messages between peers on this VPN tunnel. If one end
of the tunnel fails, using Keep Alives will allow for the automatic renegotiation of the tunnel once both
sides become available again without having to wait for the proposed Life Time to expire.
Page 108 SonicWALL SonicOS Standard Administrator's Guide
Advertisement
Table of Contents
