Watchguard Wireless Router User's Guide download pdf (Page 161)

Manual VPN: Setting Up Manual VPN Tunnels

User Guide 147

name, and it must use this same public IP address as the

domain name in its Phase 1 setup.

Phase 2 settings

Phase 2 negotiates the data management security association for

the tunnel. The tunnel uses this phase to create IPSec tunnels and

put data packets together.

You can use the default Phase 2 settings to make configuration eas-

ier.

OTE

Make sure that the Phase 2 configuration is the same on the two

devices.

To change the Phase 2 settings:

1 Select the authentication method from the Authentication

Algorithm drop-down list.

2 Select the encryption algorithm from the Encryption Algorithm

drop-down list.

3 To use Perfect Forward Secrecy, select the Enable Perfect

Forward Secrecy check box.

This option makes sure that each new key comes from a new Diffie-

Hellman exchange. This option makes the negotiation more secure, but

uses more time.

4 Type the number of kilobytes and the number of hours until the

Phase 2 key expires.

To make the key not expire, enter zero. For example, 24 hours and zero

kilobytes means that the Phase 2 key is renegotiated each 24 hours no

matter how much data has passed.

5 Type the IP address of the local network and the remote

networks that will send encrypted traffic across the VPN.

You must enter network addresses in “slash” notation (also known as

Classless Inter Domain Routing or CIDR notation). For more information

on how to enter IP addresses in slash notation, see this FAQ: http://

www.watchguard.com/support/advancedfaqs/general_slash.asp.

6 Click Add.

1 2 ... 156 157 158 159 160 161 162 163 164 165 166 ... 253 254

No comments

Watchguard Wireless Router User's Guide Page 161