User's Manual Part 4

Page 40 SonicWALL SonicOS Standard Administrator’s Guide

8. Click the Proposals tab

9. In the IKE (Phase 1) Proposal section, the default settings offer a secure connection configuration,

however, the settings can be modified to reflect your preferences. In addition to 3DES, AES-128,

AES-192, and AES-256 can be selected for encryption methods.

10. In the Ipsec (Phase 2) Proposal section, the default settings offer a secure connection configuration,

however, the settings can be modified to reflect your preferences. In addition to 3DES, AES-128,

AES-192, and AES-256 can be selected for encryption methods. Selecting Enable Perfect Forward

Secrecy prevents a hacker using brute force to break encryption keys from obtaining the current and

future IPSec keys. During Phase 2 negotiation, an additional Diffie-Hellman key exchange is

performed. This option adds an additional layer of security to the VPN tunnel.

11. Click the Advanced tab. Select any optional configuration options you want to apply to your VPN

policy in the Advanced Settings section.

• Enable Keep Alive - Select this setting if you want to maintain the current connection by listening for

traffic on the network segment between the two connections. If multiple VPN tunnels are configured

on the SonicWALL, select Try to bring up all possible tunnels to have the SonicWALL renegotiate

the tunnels if they lose communication with the

SonicWALL.

• Require authentication of local users - requires all outbound VPN traffic from this SA is from an

authenticated source.

• Require authentication of remote users - requires all inbound VPN traffic for this SA is from an au-

thenticated user. Select Remote users behind VPN gateway if remote users have a VPN tunnel that

terminates on the VPN gateway. Select Remote VPN clients with XAUTH if remote users require

authentication using XAUTH and are access the SonicWALL via a VPN clients.