WatchGuard Technologies SOHO 6.1 Network Card User Manual


 
Chapter 8: VPN—Virtual Private Networking
92 WatchGuard Firebox SOHO 6.1
13 In the Diffie-Hellman Group drop list, specify the group.
WatchGuard supports groups 1 and 2.
Diffie-Hellman refers to a mathematical technique for securely negotiating
secret keys over a public medium. Diffie-Hellman groups are collections of
parameters used to achieve this. Group 2 is more secure than group 1, but
requires more time to compute the keys.
14 If you choose, select the checkbox marked Enable Perfect
Forward Secrecy.
When this option is selected, each new key that is negotiated is derived by
a new Diffie-Hellman exchange instead of from only one Diffie-Hellman
exchange. Enabling this option provides more security, but requires more
time because of the additional exchange.
15 Enable the Generate IKE Keep Alive Messages checkbox to
keep a VPN tunnel from going down because of timeout
conditions. A small amount of traffic is sent across the VPN
tunnel to keep it alive and functioning. If the tunnel fails for
any reason, the SOHO 6 initiates a rekey of the tunnel to restore
it.
This checkbox is enabled by default.
16 Phase 2 settings can be left at the defaults shown or modified as
desired. To modify Phase 2 settings, complete the following
steps. Make sure that the Phase 2 settings on this device are the
same as on the peer device.
17 In the Authentication Algorithm drop list, specify the
authentication: None (no authentication), MD5-HMAC (128-bit
authentication) or SHA1-HMAC (160-bit authentication).
18 In the Encryption Algorithm drop list, specify the type of
encryption: None (no encryption), DES-CBC or 3DES-CBC.
19 Enter how many kilobytes until key expiration.
20 Enter how many hours until key expiration.
21 Add the IP address of the local and remote network that will
use Phase 2 negotiation.
22 Click Submit.
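
For steps 13 and 14, an added example (not part of the WatchGuard manual) of how Phase 2 keys are derived with and without Perfect Forward Secrecy, following the Quick Mode key derivation in RFC 2409 with the Oakley Group 2 prime. HMAC-SHA1 as the prf, the random stand-in for the Phase 1 secret SKEYID_d, and the function names are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Oakley Group 2 from RFC 2409: 1024-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    """Fresh ephemeral private/public pair for one exchange."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P-2
    return x, pow(G, x, P)

def dh_shared(priv, peer_pub):
    """g^xy mod p as a fixed-length byte string."""
    return pow(peer_pub, priv, P).to_bytes(128, "big")

def keymat(skeyid_d, proto, spi, ni, nr, g_xy=b""):
    """RFC 2409 Quick Mode: prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    HMAC-SHA1 as the prf is an assumption of this example."""
    return hmac.new(skeyid_d, g_xy + proto + spi + ni + nr, hashlib.sha1).digest()

def rekey(skeyid_d, pfs):
    """One Phase 2 negotiation. Returns (initiator key, responder key,
    key recomputed from SKEYID_d plus the values sent in the exchange)."""
    proto, spi = b"\x03", secrets.token_bytes(4)               # 3 = ESP
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)  # nonces
    gi = gr = b""
    if pfs:                                   # extra Diffie-Hellman exchange
        xi, pub_i = dh_keypair()
        xr, pub_r = dh_keypair()
        gi, gr = dh_shared(xi, pub_r), dh_shared(xr, pub_i)
    k_init = keymat(skeyid_d, proto, spi, ni, nr, gi)
    k_resp = keymat(skeyid_d, proto, spi, ni, nr, gr)
    # Whoever holds only the Phase 1 secret has no ephemeral private value.
    k_from_phase1 = keymat(skeyid_d, proto, spi, ni, nr)
    return k_init, k_resp, k_from_phase1

if __name__ == "__main__":
    skeyid_d = secrets.token_bytes(20)        # constructed stand-in for SKEYID_d
    for pfs in (False, True):
        ki, kr, kp = rekey(skeyid_d, pfs)
        print(f"PFS={pfs}: peers agree={ki == kr}, "
              f"derivable from Phase 1 secret alone={kp == ki}")
```

Without PFS every Phase 2 key is a function of the single Phase 1 secret, so disclosure of that secret exposes all of them; with PFS each key also depends on an ephemeral exchange that is discarded after use.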