Client Settings

Parent Previous Next




Firewall Options



The Firewall Options settings are used to define what features will be enabled to prevent problems from occurring when a Firewall or NAT router exists between the Client and a Gateway.


NAT Traversal Mode


Set this value to Enable or Force if you want the VPN Client IPsec Daemon to use the IKE and ESP NAT Traversal protocol extensions.


Disable

The NATT protocol extensions will not be used.

Enable

The NATT protocol extensions will only be used if the VPN Gateway indicates support during negotiations and NAT is detected.

Force Draft

The Draft version of the NATT protocol extensions will be used regardless of whether or not the VPN Gateway indicates support during negotiations or NAT is detected.

Force RFC

The RFC version of the NATT protocol extensions will be used regardless of whether or not the VPN Gateway indicates support during negotiations or NAT is detected.


NAT Traversal Port


Enter the UDP port that the VPN Client Gateway is using for NAT-T services. The default value for this setting is UDP port 4500.


Keep-Alive Packet Rate


Enter the rate at which the Client IPsec Daemon should send NAT-T Keep alive packets. Keep-alive packets can help prevent problems from occurring when a Firewall or NAT exists between the VPN Client and the Peer Gateway. The default value for this setting is 30 seconds.


IKE Fragmentation Mode


Enable this option if you would like the VPN Client to use the IKE Fragmentation protocol extension.


Disable

The IKE Fragmentation protocol extension will not be used.

Enable

The IKE Fragmentation protocol extension will only be used if the VPN Gateway indicates support during negotiations.

Force

The IKE Fragmentation protocol extension will be used regardless of whether or not the VPN Gateway indicates support during negotiations.


Maximum Packet Size


When the Fragment Packets option is enabled, this value specifies the largest non-fragmented IKE packet size allowed. If a packet size is larger than this value, IKE fragmentation is performed. The default setting for this value is 540 bytes.



Other Options



The Other Options settings is used to define the miscellaneous features that will be enabled by the VPN Client.


Enable Dead Peer Detection


Enable this option if you would like the VPN Client IPsec Daemon to use the Dead Peer Detection protocol extension. When the option is enabled, the protocol extension will only be used if the VPN Gateway also has support. This will allow the client and Gateway to detect when one side of the tunnel is no longer able to respond. The default value for this setting is Enabled.


Enable Failure Notifications


Enable this option if you would like the VPN Client IPsec Daemon to forward ISAKMP failure notifications. The default value for this setting is Enabled.


Enable Client Login Banner


Enable this option if you would like the client to display a Login Banner after establishing a connection with the Gateway. The Gateway must support the Transaction Exchange and be configured to forward a login banner to the Client. The default value for this setting is Enabled.