VPN > Settings
SonicOS Enhanced 4.0 Administrator Guide
Destination network obtains IP addresses using DHCP server through this tunnel.
Alternatively, select Choose Destination network from list, and select the address object or
group.
Step 11 Click the Proposals tab.
Step 12 In the IKE (Phase 1) Proposal section, select the following settings:
– Select Main Mode or Aggressive Mode from the Exchange menu.
– Select the desired DH Group from the DH Group menu.
Note: The Windows 2000 L2TP client and Windows XP L2TP client can only work with DH Group 2. They are incompatible with DH Groups 1 and 5.
– Select 3DES, AES-128, AES-192, or AES-256 from the Encryption menu.
– Select the desired authentication method from the Authentication menu.
– Enter a value in the Life Time (seconds) field. The default setting of 28800 forces the tunnel to renegotiate and exchange keys every 8 hours.
Step 13 In the IPsec (Phase 2) Proposal section, select the following settings:
– Select the desired protocol from the Protocol menu.
– Select 3DES, AES-128, AES-192, or AES-256 from the Encryption menu.
– Select the desired authentication method from the Authentication menu.
– Select Enable Perfect Forward Secrecy if you want an additional Diffie-Hellman key exchange as an added layer of security. Select Group 2 from the DH Group menu.
Note: The Windows 2000 L2TP client and Windows XP L2TP client can only work with DH Group 2. They are incompatible with DH Groups 1 and 5.
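The constraints in Steps 12 and 13 can be checked before a proposal is entered on the appliance. The following is an added example, not SonicOS code: the dictionary layout and the function names are assumptions made for illustration, and the modulus sizes come from RFC 2409 and RFC 3526 rather than from this guide.

```python
# Added example: audit a Proposals-tab configuration against the rules on this page.
# The dict layout and function names are hypothetical, not a SonicOS format or API.

# MODP modulus sizes for the DH groups named on the page (RFC 2409, RFC 3526).
DH_BITS = {1: 768, 2: 1024, 5: 1536}
ENCRYPTION = {"3DES", "AES-128", "AES-192", "AES-256"}  # Encryption menu choices
EXCHANGES = {"Main Mode", "Aggressive Mode"}            # Exchange menu choices


def audit_proposal(p, legacy_l2tp_clients=False):
    """Return a list of findings for an IKE (Phase 1) / IPsec (Phase 2) proposal."""
    findings = []
    p1, p2 = p["phase1"], p["phase2"]
    if p1["exchange"] not in EXCHANGES:
        findings.append(f"phase1: unknown exchange {p1['exchange']!r}")
    for name, phase in (("phase1", p1), ("phase2", p2)):
        if phase["encryption"] not in ENCRYPTION:
            findings.append(f"{name}: unknown encryption {phase['encryption']!r}")
    # Every DH group that will be negotiated: Phase 1 always, Phase 2 only with PFS.
    groups = [("phase1", p1["dh_group"])]
    if p2.get("pfs"):
        groups.append(("phase2 PFS", p2["dh_group"]))
    for where, g in groups:
        if g not in DH_BITS:
            findings.append(f"{where}: unknown DH group {g}")
        elif legacy_l2tp_clients and g != 2:
            findings.append(f"{where}: DH group {g} ({DH_BITS[g]}-bit MODP) is "
                            "incompatible with Windows 2000/XP L2TP clients (need group 2)")
    if p1["lifetime_s"] <= 0:
        findings.append("phase1: Life Time must be a positive number of seconds")
    return findings


def rekey_hours(lifetime_s):
    """Convert the Life Time (seconds) field into hours between renegotiations."""
    return lifetime_s / 3600


# Constructed sample configuration (not taken from a real device).
sample = {
    "phase1": {"exchange": "Main Mode", "dh_group": 5,
               "encryption": "AES-256", "lifetime_s": 28800},
    "phase2": {"encryption": "AES-128", "pfs": True, "dh_group": 2},
}

if __name__ == "__main__":
    print(rekey_hours(sample["phase1"]["lifetime_s"]), "hours between rekeys")
    for finding in audit_proposal(sample, legacy_l2tp_clients=True):
        print("FINDING:", finding)
```

With the sample above, the Phase 1 group is flagged only when legacy L2TP clients must connect; the Phase 2 group is checked only when Perfect Forward Secrecy is enabled.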