Firewall Options
The Firewall Options settings define which features are enabled to prevent problems when a Firewall or NAT router exists between the Client and a Gateway.
Set this value to Enable or Force if you want the VPN Client IPsec Daemon to use the IKE and ESP NAT Traversal protocol extensions.
Disable | The NATT protocol extensions will not be used. |
Enable | The NATT protocol extensions will only be used if the VPN Gateway indicates support during negotiations and NAT is detected. |
Force Draft | The Draft version of the NATT protocol extensions will be used regardless of whether or not the VPN Gateway indicates support during negotiations or NAT is detected. |
Force RFC | The RFC version of the NATT protocol extensions will be used regardless of whether or not the VPN Gateway indicates support during negotiations or NAT is detected. |
NAT Traversal Port
Enter the UDP port that the VPN Client Gateway is using for NAT-T services. The default value for this setting is UDP port 4500.
Enter the rate at which the Client IPsec Daemon should send NAT-T keep-alive packets. Keep-alive packets can help prevent problems from occurring when a Firewall or NAT exists between the VPN Client and the Peer Gateway. The default value for this setting is 30 seconds.
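When checking that NAT-T traffic and keep-alives actually cross a firewall, it helps to tell apart the three payload types that share the NAT-T port. The following is an added example, not code from the VPN Client: it assumes the RFC version of the extensions (RFC 3948 framing), and the function names and sample capture are constructed for illustration.

```python
import struct
from collections import Counter

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # 28-byte fixed ISAKMP header

def classify_natt_payload(payload: bytes) -> dict:
    """Classify one UDP payload seen on the NAT-T port (RFC 3948 framing)."""
    if payload == b"\xff":                  # NAT-keepalive: a single 0xFF byte
        return {"kind": "keepalive"}
    if len(payload) < 8:                    # too short for IKE or ESP
        return {"kind": "malformed", "reason": "too short"}
    if payload[:4] == b"\x00" * 4:          # non-ESP marker: IKE follows
        ike = payload[4:]
        if len(ike) < ISAKMP_HDR.size:
            return {"kind": "malformed", "reason": "truncated ISAKMP header"}
        _ic, _rc, _np, ver, exch, _fl, _mid, length = ISAKMP_HDR.unpack_from(ike)
        if length != len(ike):              # declared length must match datagram
            return {"kind": "malformed", "reason": "ISAKMP length mismatch"}
        return {"kind": "ike", "version": f"{ver >> 4}.{ver & 0xF}",
                "exchange_type": exch}
    spi, seq = struct.unpack_from("!II", payload)  # else UDP-encapsulated ESP
    return {"kind": "esp", "spi": spi, "seq": seq}

def summarize(packets):
    """Count payload kinds and return the longest silence between packets."""
    kinds = Counter(classify_natt_payload(p)["kind"] for _, p in packets)
    times = sorted(t for t, _ in packets)
    longest = max((b - a for a, b in zip(times, times[1:])), default=0.0)
    return dict(kinds), longest

# Constructed sample capture: (seconds, UDP payload) pairs, not real traffic.
_IKE = ISAKMP_HDR.pack(b"I" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, ISAKMP_HDR.size)
SAMPLE = [
    (0.0, b"\x00" * 4 + _IKE),                                  # IKE, marker first
    (1.0, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),    # ESP in UDP
    (31.0, b"\xff"),                                            # keep-alive
    (61.0, b"\xff"),                                            # keep-alive
    (62.0, b"\x00\x00"),                                        # junk
]

if __name__ == "__main__":
    counts, longest = summarize(SAMPLE)
    print(counts, f"longest silence: {longest:.0f}s")
```

On an idle tunnel, a longest silence well above the configured keep-alive rate suggests the keep-alives are not being sent or are dropped before the capture point.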
Enable this option if you would like the VPN Client to use the IKE Fragmentation protocol extension.
Disable | The IKE Fragmentation protocol extension will not be used. |
Enable | The IKE Fragmentation protocol extension will only be used if the VPN Gateway indicates support during negotiations. |
Force | The IKE Fragmentation protocol extension will be used regardless of whether or not the VPN Gateway indicates support during negotiations. |
Maximum Packet Size
When the Fragment Packets option is enabled, this value specifies the largest non-fragmented IKE packet size allowed. If a packet size is larger than this value, IKE fragmentation is performed. The default setting for this value is 540 bytes.
Other Options
The Other Options settings are used to define the miscellaneous features that will be enabled by the VPN Client.
Enable this option if you would like the VPN Client IPsec Daemon to use the Dead Peer Detection protocol extension. When the option is enabled, the protocol extension will only be used if the VPN Gateway also has support. This will allow the client and Gateway to detect when one side of the tunnel is no longer able to respond. The default value for this setting is Enabled.
Enable Failure Notifications
Enable this option if you would like the VPN Client IPsec Daemon to forward ISAKMP failure notifications. The default value for this setting is Enabled.
Enable Client Login Banner
Enable this option if you would like the client to display a Login Banner after establishing a connection with the Gateway. The Gateway must support the Transaction Exchange and be configured to forward a login banner to the Client. The default value for this setting is Enabled.