Client Settings

The Client Settings Tab is used to define the client configuration parameters required to communicate with the remote Client Gateway.

Set this value to Enable or Force if you would like the VPN Client IPSEC Daemon to use the IKE and ESP NAT Traversal protocol extensions. When the value is set to Enable, the protocol extensions will only be used if the VPN Gateway also has support and NAT is detected. When the value is set to Force, the protocol extensions are used regardless of wether or not the VPN Gateway has support or NAT is detected. The default value for this setting is Enable.

Enter the UDP port that the VPN Client Gateway is using for NAT-T services. The default value for this setting is UDP port 4500.

Enter the rate at which the Client IPSEC Daemon should send NAT-T Keep alive packets. Keep alive packets can help prevent problems from occurring when a Firewall or NAT exists between the VPN Client and the Peer Gateway. The default value for this setting is 30 seconds.

Enable this option if you would like the VPN Client IPSEC Daemon to use the Dead Peer Detection protocol extension. When the option is enabled, the protocol extension will only be used if the VPN Gateway also has support. This will allow the client and Gateway to detect when one side of the tunnel is no longer able to respond. The default value for this setting is Enabled.

Enable this option if you would like the VPN Client IPSEC Daemon to perform IP Packet Pre Fragmentation. Enabling this option will also enable the IKE Fragmentation extension. The default value for this setting is Enabled.

When the Fragment Packets option is enabled, this value specifies the largest non-fragmented packet size allowed. If a packet size is larger than this value, fragmentation is performed. This setting applies to both IP Packet Pre Fragmentation and IKE Packet Fragmentation. The default setting for this value is 540 bytes.

Enable this option if you would like the client to display a Login Banner after establishing a connection with the Gateway. The Gateway must support the Configuration Transaction Exchange and be configured to forward a login banner to the Client.The default value for this setting is Enabled.

Enable this option if you would like the VPN Client IPSEC Daemon to forward ISAKMP failure notifications for connection associated with this Site Configuration. The default value for this setting is Enabled.