SonicWALL 5.8.1 Microscope & Magnifier User Manual


 
VPN > Settings
SonicOS 5.8.1 Administrator Guide
Destination network obtains IP addresses using DHCP server through this tunnel.
Alternatively, select Choose Destination network from list, and select the address object or
group.
Step 10 Click Proposals.
Step 11 Under IKE (Phase 1) Proposal, select either Main Mode, Aggressive Mode, or IKEv2 from
the Exchange menu. Aggressive Mode is generally used when WAN addressing is
dynamically assigned. IKEv2 causes all the negotiation to happen via IKEv2 protocols, rather
than using IKE Phase 1 and Phase 2. If you use IKEv2, both ends of the VPN tunnel must use
IKEv2.
Step 12 Under IKE (Phase 1) Proposal, the default values for DH Group, Encryption,
Authentication, and Life Time are acceptable for most VPN configurations. Be sure the Phase
1 values on the opposite side of the tunnel are configured to match. You can also choose AES-
128, AES-192, or AES-256 from the Authentication menu instead of 3DES for enhanced
authentication security.
Note: The Windows 2000 L2TP client and Windows XP L2TP client can only work with DH Group
2. They are incompatible with DH Groups 1 and 5.
Step 13 Under IPsec (Phase 2) Proposal, the default values for Protocol, Encryption,
Authentication, Enable Perfect Forward Secrecy, DH Group, and Lifetime are acceptable
for most VPN SA configurations. Be sure the Phase 2 values on the opposite side of the tunnel
are configured to match.
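
Steps 11 through 13 require the proposal values to match on both ends of the tunnel. The following check is an added example, not part of the Administrator Guide or of SonicOS: it compares the Proposals-tab values recorded by hand for each end and applies the IKEv2 and DH Group 2 rules stated above. The field names and sample values are assumptions made for the illustration.

```python
# Added example: compare the Proposals-tab settings recorded for both tunnel ends.
# Field names and all values below are constructed sample data, not SonicOS defaults.

PHASE1_FIELDS = ("exchange", "dh_group", "encryption", "authentication", "life_time")
PHASE2_FIELDS = ("protocol", "encryption", "authentication", "pfs", "dh_group", "life_time")


def compare_proposals(local, remote, legacy_l2tp_clients=False):
    """Return a list of findings; an empty list means the two ends agree."""
    findings = []
    for phase, fields in (("phase1", PHASE1_FIELDS), ("phase2", PHASE2_FIELDS)):
        for field in fields:
            a, b = local[phase].get(field), remote[phase].get(field)
            if a != b:
                findings.append(f"{phase}.{field}: local={a!r} remote={b!r}")
    # Step 11: IKEv2 has to be selected on both ends of the tunnel.
    modes = {local["phase1"].get("exchange"), remote["phase1"].get("exchange")}
    if "IKEv2" in modes and len(modes) > 1:
        findings.append("IKEv2 is selected on only one end of the tunnel")
    # Note after Step 12: Windows 2000/XP L2TP clients only work with DH Group 2.
    if legacy_l2tp_clients and local["phase1"].get("dh_group") != 2:
        findings.append("Windows 2000/XP L2TP clients require Phase 1 DH Group 2")
    return findings


# Constructed records for two ends of one tunnel.
SITE_A = {
    "phase1": {"exchange": "Main Mode", "dh_group": 5, "encryption": "AES-256",
               "authentication": "SHA1", "life_time": 28800},
    "phase2": {"protocol": "ESP", "encryption": "AES-256", "authentication": "SHA1",
               "pfs": True, "dh_group": 5, "life_time": 28800},
}
SITE_B = {
    "phase1": {**SITE_A["phase1"], "exchange": "IKEv2", "encryption": "3DES"},
    "phase2": {**SITE_A["phase2"], "pfs": False, "dh_group": None},
}

if __name__ == "__main__":
    for finding in compare_proposals(SITE_A, SITE_B, legacy_l2tp_clients=True):
        print(finding)
```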
Step 14 Click the Advanced tab and select any of the following optional settings you want to apply to
your VPN policy: