Client Settings




Firewall Options



The Firewall Options settings are used to define what features will be enabled to prevent problems from occurring when a Firewall or NAT router exists between the Client and a Gateway.


NAT Traversal Mode


Set this value to Enable or Force if you want the VPN Client IPSEC Daemon to use the IKE and ESP NAT Traversal protocol extensions.


Disable

The NATT protocol extensions will not be used.

Enable

The NATT protocol extensions will only be used if the VPN Gateway indicates support during negotiations and NAT is detected.

Force

The NATT protocol extensions will be used regardless of whether or not the VPN Gateway indicates support during negotiations or NAT is detected.


NAT Traversal Port


Enter the UDP port that the VPN Client Gateway is using for NAT-T services. The default value for this setting is UDP port 4500.


Keep-Alive Packet Rate


Enter the rate at which the Client IPSEC Daemon should send NAT-T keep-alive packets. Keep-alive packets can help prevent problems from occurring when a Firewall or NAT exists between the VPN Client and the Peer Gateway. The default value for this setting is 30 seconds.


IKE Fragmentation Mode


Enable this option if you would like the VPN Client to use the IKE Fragmentation protocol extension.


Disable

The IKE Fragmentation protocol extension will not be used.

Enable

The IKE Fragmentation protocol extension will only be used if the VPN Gateway indicates support during negotiations.

Force

The IKE Fragmentation protocol extension will be used regardless of whether or not the VPN Gateway indicates support during negotiations.


Maximum Packet Size


When the Fragment Packets option is enabled, this value specifies the largest non-fragmented IKE packet size allowed. If a packet size is larger than this value, IKE fragmentation is performed. The default setting for this value is 540 bytes.



Other Options



The Other Options settings are used to define the miscellaneous features that will be enabled by the VPN Client.


Enable Dead Peer Detection


Enable this option if you would like the VPN Client IPSEC Daemon to use the Dead Peer Detection protocol extension. When the option is enabled, the protocol extension will only be used if the VPN Gateway also has support. This will allow the client and Gateway to detect when one side of the tunnel is no longer able to respond. The default value for this setting is Enabled.


Enable Failure Notifications


Enable this option if you would like the VPN Client IPSEC Daemon to forward ISAKMP failure notifications. The default value for this setting is Enabled.


Enable Client Login Banner


Enable this option if you would like the client to display a Login Banner after establishing a connection with the Gateway. The Gateway must support the Transaction Exchange and be configured to forward a login banner to the Client. The default value for this setting is Enabled.
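The following is an added example, not part of the original documentation and not Shrew Soft code. It audits a client profile against the defaults documented on this page and flags any extension set to Force. The "type:key:value" line format, the key names, the mode strings and the function names are assumptions, and the sample profile is constructed; verify them against a profile exported from your own client.

```python
# Added example, not Shrew Soft code. The "type:key:value" line format and
# the key names are assumptions; check them against your own exported profile.
DOCUMENTED_DEFAULTS = {
    "network-natt-port": "4500",    # NAT Traversal Port (UDP)
    "network-natt-rate": "30",      # Keep-Alive Packet Rate, seconds
    "network-frag-size": "540",     # Maximum Packet Size, bytes
    "network-dpd-enable": "1",      # Enable Dead Peer Detection
    "network-notify-enable": "1",   # Enable Failure Notifications
    "client-banner-enable": "1",    # Enable Client Login Banner
}
MODE_KEYS = ("network-natt-mode", "network-frag-mode")
# Constructed sample profile for illustration only.
SAMPLE_PROFILE = """\
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:network-notify-enable:1
s:network-natt-mode:force
s:network-frag-mode:enable
"""

def parse_profile(text):
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:  # skip lines that are not type:key:value
            settings[parts[1]] = parts[2]
    return settings

def audit(text):
    """List (key, finding) pairs for settings that need a second look."""
    settings = parse_profile(text)
    findings = []
    for key, default in DOCUMENTED_DEFAULTS.items():
        if key not in settings:
            findings.append((key, "not set in profile"))
        elif settings[key] != default:
            findings.append((key, f"{settings[key]} (documented default {default})"))
    for key in MODE_KEYS:
        mode = settings.get(key, "").lower()
        if mode.startswith("force"):  # used regardless of gateway support
            findings.append((key, "forced: used regardless of gateway support"))
        elif mode not in ("disable", "enable"):
            findings.append((key, f"unrecognised mode {mode!r}"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE_PROFILE):
        print(f"{key}: {finding}")
```

A finding is a prompt to review the profile, not proof of a misconfiguration; a deployment may set a different keep-alive rate or port on purpose.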


Copyright © 2007, Shrew Soft Inc