SonicOS 8 IPSec VPN

Configuring Advanced Settings on Proposals

The configured parameters are automatically provisioned to the VPN AP Client prior to Phase 2 establishment, so there is no chance of configuration discrepancies between the VPN AP Server and VPN AP Client.

To configure VPN AP Server settings on the Proposals screen

  1. On the General or Network tab, click Proposals.

  2. Under IKE (Phase 1) Proposal, enter the phase 1 proposal lifetime in seconds. The default setting of 28800 forces the tunnel to renegotiate and exchange keys every 8 hours.

    To simplify auto-provisioning, the other fields in this section are dimmed and preset to:

    • Exchange: Aggressive Mode
    • DH Group: Group 5
    • Encryption: AES-256
    • Authentication: SHA1
  3. Under Ipsec (Phase 2) Proposal, select the desired encryption algorithm from the Encryption drop-down menu. The default is AES-128.

    The Protocol field is dimmed and preset to ESP to use the Encapsulated Security Payload (ESP) crypto suite.

  4. Select the desired authentication encryption method from the Authentication drop-down menu. The default is SHA1.

  5. Select Enable Perfect Forward Secrecy if you want an additional Diffie-Hellman key exchange as an added layer of security. If selected, the DH Group drop-down menu is displayed. Select the desired group from the list. The default is Group 2.

  6. Enter a value in the Life Time (seconds) field. The default setting of 28800 forces the tunnel to renegotiate and exchange keys every eight hours.

  7. Continue to Configuring Advanced Settings on Advanced.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden