WatchGuard Technologies WatchGuard Firebox SOHO 6 User Manual

Page 110


Chapter 8: VPN—Virtual Private Networking


WatchGuard Firebox SOHO 6.1

13 In the Diffie-Hellman Group drop list, specify the group.

WatchGuard supports groups 1 and 2.

Diffie-Hellman refers to a mathematical technique for securely negotiating secret keys over a public medium. Diffie-Hellman groups are collections of parameters used to achieve this. Group 2 is more secure than group 1, but requires more time to compute the keys.

14 If you choose, select the checkbox marked Enable Perfect Forward Secrecy.

When this option is selected, each new key that is negotiated is derived by a new Diffie-Hellman exchange instead of from only one Diffie-Hellman exchange. Enabling this option provides more security, but requires more time because of the additional exchange.

15 Enable the Generate IKE Keep Alive Messages checkbox to keep a VPN tunnel from going down because of time out conditions. A small amount of traffic is sent across the VPN tunnel to keep it alive and functioning. If the tunnel fails for any reason the SOHO 6 initiates a rekey of the tunnel to restore

This checkbox is enabled by default.

16 Phase 2 settings can be left at the defaults shown or modified as desired. To modify Phase 2 settings, complete the following steps. Make sure that the Phase 2 settings on this device are the same as on the peer device.

17 In the Authentication Algorithm drop list, specify the authentication: None (no authentication), MD5-HMAC (128-bit authentication) or SHA1-HMAC (160-bit authentication).

18 In the Encryption Algorithm drop list, specify the type of encryption: None (no encryption), DES-CBC or 3DES-CBC.

19 Enter how many kilobytes until key expiration.

20 Enter how many hours until key expiration.

21 Add the IP address of the local and remote network that will use Phase 2 negotiation.

22 Click Submit.
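
The effect of the Diffie-Hellman Group and Enable Perfect Forward Secrecy settings in steps 13 and 14, shown as an added example that is not part of the WatchGuard manual or the SOHO 6 firmware. It assumes the groups are the Oakley groups 1 and 2 of RFC 2409 and uses a simplified key derivation (HMAC-SHA1 standing in for the IKE prf); all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Oakley MODP primes from RFC 2409 (IKE groups 1 and 2), generator 2. Both are
# built from the digits of pi, so they share their leading 672 bits.
_HEAD = ("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
         "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
         "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9")
GROUPS = {
    1: int(_HEAD + "A63A3620" + "F" * 16, 16),                          # 768-bit
    2: int(_HEAD + "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5"
                   "AE9F24117C4B1FE649286651ECE65381" + "F" * 16, 16),  # 1024-bit
}

def dh_exchange(group):
    """Both peers' sides of one Diffie-Hellman exchange; returns the shared secret."""
    p = GROUPS[group]
    a, b = (secrets.randbelow(p - 3) + 2 for _ in range(2))   # private exponents
    pub_a, pub_b = pow(2, a, p), pow(2, b, p)                 # values sent in the clear
    shared = pow(pub_b, a, p)
    if shared != pow(pub_a, b, p):
        raise ValueError("peers derived different secrets")
    return shared.to_bytes((p.bit_length() + 7) // 8, "big")

def phase2_key(phase1_key, nonces, fresh_secret=b""):
    """Simplified Phase 2 derivation: HMAC-SHA1(phase1_key, [fresh DH secret |] nonces)."""
    return hmac.new(phase1_key, fresh_secret + nonces, hashlib.sha1).digest()

def negotiate(phase1_key, group, pfs):
    """One Phase 2 negotiation (or rekey). Nonces cross the wire; the key does not."""
    nonces = secrets.token_bytes(32)
    fresh = dh_exchange(group) if pfs else b""   # PFS: a new exchange for every key
    return phase2_key(phase1_key, nonces, fresh), nonces

def derivable_from_phase1(phase1_key, sessions):
    """True if Phase 1 key material plus the recorded nonces reproduce every Phase 2 key."""
    return all(phase2_key(phase1_key, n) == k for k, n in sessions)

def compare_pfs(group=2, rekeys=3):
    """Return {pfs_enabled: keys_derivable_from_phase1} for a tunnel that rekeys `rekeys` times."""
    phase1_key = hashlib.sha1(dh_exchange(group)).digest()   # stand-in for IKE's SKEYID_d
    return {pfs: derivable_from_phase1(
                phase1_key, [negotiate(phase1_key, group, pfs) for _ in range(rekeys)])
            for pfs in (False, True)}

if __name__ == "__main__":
    print(compare_pfs())
```

With the checkbox cleared, every Phase 2 key depends only on the single Phase 1 exchange and values sent in the clear; with it selected, each key also depends on a secret from its own exchange, which is the extra computation the manual mentions.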
