User's Manual Part 4

VPN Page 47
Selecting Enable NAT Traversal allows VPN tunnels to support this protocol, and log messages are
generated by the SonicWALL when an IPSec Security Gateway is detected behind a NAT/NAPT
device. The following log messages are found on the View Log tab:
Peer IPSec Gateway behind a NAT/NAPT device
Local IPSec Security Gateway behind a NAT/NAPT device
No NAT/NAPT device detected between IPSec Security
Peer IPSec Security Gateway doesn’t support VPN NAT Traversal
Keep Alive interval (seconds) - the default value is 240 seconds (4 minutes). If Enable Keep Alive
is selected on the Advanced VPN Settings page, a new negotiation begins if the previous VPN
Policy was deleted by Dead Peer Detection (DPD).
Enable IKE Dead Peer Detection - select if you want inactive VPN tunnels to be dropped by the
SonicWALL. Enter the number of seconds between “heartbeats” in the Dead Peer Detection Interval
(seconds) field. The default value is 60 seconds. Enter the number of missed heartbeats in the
Failure Trigger Level (missed heartbeats) field. The default value is 3. If the trigger level is
reached, the VPN connection is dropped by the SonicWALL. The SonicWALL uses a UDP packet
protected by Phase 1 Encryption as the heartbeat.
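The NAT Traversal log messages listed above can be triaged from an exported log to find peers
that sit behind NAT or do not support NAT Traversal. The following is an added example, not part
of the manual or of SonicWALL software; the pipe-separated line layout, the field positions and
the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Message texts as listed in the manual. The third is matched as a prefix
# because the manual's text for it stops at "IPSec Security".
NAT_T_MESSAGES = {
    "Peer IPSec Gateway behind a NAT/NAPT device": "peer_behind_nat",
    "Local IPSec Security Gateway behind a NAT/NAPT device": "local_behind_nat",
    "No NAT/NAPT device detected between IPSec Security": "no_nat",
    "Peer IPSec Security Gateway doesn't support VPN NAT Traversal": "peer_no_nat_t",
}

def classify(line):
    """Return the NAT Traversal state named by a log line, or None if unrelated."""
    text = line.replace("\u2019", "'")  # normalize the curly apostrophe
    for message, state in NAT_T_MESSAGES.items():
        if message in text:
            return state
    return None

def triage(lines, sep="|", source_field=2):
    """Map each source address to the set of states logged for it (assumed layout)."""
    seen = defaultdict(set)
    for line in lines:
        state = classify(line)
        if state is None:
            continue
        fields = [f.strip() for f in line.split(sep)]
        source = fields[source_field] if len(fields) > source_field else "unknown"
        seen[source].add(state)
    return dict(seen)

def needs_review(seen):
    """Sources whose peer gateway is behind NAT or lacks NAT Traversal support."""
    flagged = {"peer_behind_nat", "peer_no_nat_t"}
    return sorted(src for src, states in seen.items() if states & flagged)

# Constructed sample lines, assumed layout: time | message | source | destination
SAMPLE_LOG = [
    "03/01 10:15:02 | Peer IPSec Gateway behind a NAT/NAPT device | 203.0.113.10 | 192.0.2.1",
    "03/01 10:15:09 | No NAT/NAPT device detected between IPSec Security | 198.51.100.7 | 192.0.2.1",
    "03/01 10:16:40 | Peer IPSec Security Gateway doesn\u2019t support VPN NAT Traversal | 203.0.113.44 | 192.0.2.1",
    "03/01 10:17:00 | constructed unrelated entry | 10.0.0.5 | 198.51.100.80",
    "03/01 10:18:11 | Local IPSec Security Gateway behind a NAT/NAPT device",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for source in needs_review(result):
        print(source, sorted(result[source]))
```
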
VPN Single-Armed Mode (stand-alone VPN gateway)
VPN Single-Armed Mode allows you to deploy a SonicWALL with a single port (WAN) used as a VPN
tunnel termination point. Clear text traffic is routed to the single interface, and the data is
encapsulated and sent to the appropriate IPSec gateway.
An example of a deployment is to place the SonicWALL between the existing firewall and the router
connected to the Internet. Traffic is sent in clear text to the SonicWALL, then encrypted and sent to the
appropriate VPN Gateway.