User Guide

Page 116 SonicWALL Internet Security Appliance User’s Guide
The Configure Tab
The Configure tab contains the following sections:
- Add/Modify IPSec Security Associations
- Security Policy
- Advanced Settings
- VPN Client Configuration File Export (only Group VPN)
Add/Modify IPSec Security Associations
In this section, select the type of Security Association from the list. Choose either Group
VPN (default) or Add New SA. If you select Add New SA, a Name field is displayed that
allows you to create a name for the SA, such as Boston Office, Corporate Site, etc.
Select the type of security policy for the SA from the IPSec Keying Mode menu. You can
select IKE using Preshared Secret, Manual Key, or IKE using Certificates.
To disable the SA, select Disable This SA. This lets you temporarily disable a security
association if problems occur with it.
The IPSec Gateway Address field is used to configure the gateway for the security
association.
Security Policy Settings for IKE using Pre-shared Secret
Phase 1 DH Group - Diffie-Hellman (DH) key exchange (a key agreement protocol) is
used during phase 1 of the authentication process to establish pre-shared keys. Select
from one of three settings:
- Group 1
- Group 2
- Group 5
Groups 1, 2, 5 use Modular-Exponential with different prime lengths as listed below:

Group Descriptor    Prime Size (bits)
Group 1             768
Group 2             1024
Group 5             1536

If network speed is preferred, select Group 1. If network security is preferred, select
Group 5. To compromise between network speed and network security, select Group 2.
SA Life time (secs) - This field allows you to configure the length of time a VPN
tunnel is active. The default value is 28800 seconds (eight hours).
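The modular-exponential exchange behind the Phase 1 DH Group setting, as an added example (not code from the SonicWALL guide or firmware): it rebuilds each group's prime and runs both sides of the exchange. It assumes Groups 1, 2 and 5 are the standard IKE MODP groups with generator 2; the formula and its constants come from RFC 2409 and RFC 3526, not from this page, and all function names are illustrative.

```python
import secrets

# Group number -> (prime size in bits from the table above, formula constant c).
# Assumption: these are the standard IKE MODP groups, generator 2, with
# p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c)
# (RFC 2409 for Groups 1 and 2, RFC 3526 for Group 5).
MODP = {1: (768, 149686), 2: (1024, 129093), 5: (1536, 741804)}

def _arctan_inv(x, scale):
    """Approximate scale * arctan(1/x) with integer arithmetic (Taylor series)."""
    total = term = scale // x
    x2, k, sign = x * x, 3, -1
    while term:
        term //= x2
        total += sign * (term // k)
        k, sign = k + 2, -sign
    return total

def pi_scaled(bits, guard=64):
    """floor(2^bits * pi) via Machin's formula; guard bits absorb rounding."""
    scale = 1 << (bits + guard)
    return (16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)) >> guard

def modp_prime(group):
    """Rebuild the group's prime modulus from the published formula."""
    n, c = MODP[group]
    return (1 << n) - (1 << (n - 64)) - 1 + ((pi_scaled(n - 130) + c) << 64)

def valid_public(value, p):
    """Reject degenerate peer values (0, 1, p-1) that force a known secret."""
    return 1 < value < p - 1

def dh_exchange(group):
    """Simulate both phase 1 peers; return the secret each side derives."""
    p, g = modp_prime(group), 2
    a = secrets.randbelow(p - 3) + 2      # initiator's private exponent
    b = secrets.randbelow(p - 3) + 2      # responder's private exponent
    A, B = pow(g, a, p), pow(g, b, p)     # the only values sent on the wire
    if not (valid_public(A, p) and valid_public(B, p)):
        raise ValueError("degenerate public value")
    return pow(B, a, p), pow(A, b, p)

if __name__ == "__main__":
    for group, (bits, _) in MODP.items():
        mine, theirs = dh_exchange(group)
        print(f"Group {group}: {modp_prime(group).bit_length()}-bit prime, "
              f"secrets match: {mine == theirs}")
```

Each exponentiation works on numbers as long as the group's prime, which is where the speed versus security trade-off between Group 1 and Group 5 comes from.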
integrated_manual.book Page 116 Friday, October 12, 2001 2:56 PM