User guide
Branch Office Virtual Private Networks
Phase 2 settings
Phase 2 negotiates the IPSec security associations (SAs) that protect the data in the tunnel: the encryption and authentication algorithms, the keys, and the key lifetimes used to encapsulate and authenticate each packet that crosses the tunnel. Phase 1 authenticates the two gateways and protects this negotiation; Phase 2 produces the keys that actually encrypt the traffic.
You can use the default Phase 2 settings to make configuration easier.
To change the Phase 2 settings:
1. Select the authentication algorithm from the Authentication Algorithm drop-down list. This is the hash used to authenticate each data packet, not the method used to authenticate the peers in Phase 1.
2. Select the encryption algorithm from the Encryption Algorithm drop-down list.
3. TOS (Type of Service) bits are a set of flags in the IP header that can tell routing devices to give some traffic higher priority. If you select the Enable TOS for IPSec check box, the Edge preserves the TOS bits of the original packet in the VPN traffic it sends. If the check box is not selected, the Edge clears the TOS bits. Some ISPs drop all packets that have TOS flags set, so leave this check box cleared unless you know the path between the two gateways accepts TOS marking.
4. To use Perfect Forward Secrecy (PFS), select the Enable Perfect Forward Secrecy check box. With PFS, each new Phase 2 key comes from a fresh Diffie-Hellman exchange instead of being derived from the Phase 1 keying material, so an attacker who later recovers the Phase 1 keys cannot recover earlier Phase 2 keys or decrypt recorded traffic. The extra exchange makes each renegotiation take more time and processor resources. PFS must be enabled on both gateways or on neither.
5. Type the number of kilobytes and the number of hours after which the Phase 2 key expires and is renegotiated. When both values are set, the key is renegotiated as soon as either limit is reached. Enter zero (0) for a limit you do not want to use. For example, 24 hours and zero (0) kilobytes means that the Phase 2 key is renegotiated every 24 hours no matter how much data has passed. Setting both values to zero means the key never expires and one key protects all traffic for the life of the tunnel; do not do this.
Make sure that the Phase 2 configuration (authentication algorithm, encryption algorithm, PFS setting, and key lifetimes) is the same on the two devices. If the proposals do not match, Phase 2 negotiation fails and the tunnel does not pass traffic.
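The two rules in this procedure that cause most tunnel failures, matching proposals on both gateways and the "either limit first, zero means unused" key lifetime, are modelled below as an added example. This is illustration code written for this page, not WatchGuard code; the Phase2Proposal class, its field names, the 1024-byte kilobyte, and the function names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed model of a Phase 2 proposal as entered in the settings above.
# Field names are this example's own, not WatchGuard's configuration schema.
@dataclass(frozen=True)
class Phase2Proposal:
    auth_alg: str              # authentication (integrity) algorithm, e.g. "SHA256"
    enc_alg: str               # encryption algorithm, e.g. "AES256"
    pfs_group: Optional[int]   # Diffie-Hellman group when PFS is enabled, None when PFS is off
    life_hours: int            # time limit on the key; 0 means the limit is not used
    life_kbytes: int           # volume limit on the key; 0 means the limit is not used


def phase2_mismatches(local: Phase2Proposal, remote: Phase2Proposal) -> List[str]:
    """Return the reasons Phase 2 negotiation between two gateways would fail.

    An empty list means the proposals agree on everything that must match.
    Lifetimes are reported separately by lifetime_warnings(), because a
    lifetime difference does not always abort the negotiation; the shorter
    value simply triggers the rekey first.
    """
    problems = []
    if local.auth_alg != remote.auth_alg:
        problems.append(f"authentication algorithm {local.auth_alg} != {remote.auth_alg}")
    if local.enc_alg != remote.enc_alg:
        problems.append(f"encryption algorithm {local.enc_alg} != {remote.enc_alg}")
    # PFS must be on for both sides or for neither, and with the same DH group.
    if (local.pfs_group is None) != (remote.pfs_group is None):
        problems.append("PFS enabled on one side only")
    elif local.pfs_group != remote.pfs_group:
        problems.append(f"PFS group {local.pfs_group} != {remote.pfs_group}")
    return problems


def lifetime_warnings(local: Phase2Proposal, remote: Phase2Proposal) -> List[str]:
    """Flag lifetime settings that differ between the peers or that never expire."""
    warnings = []
    if (local.life_hours, local.life_kbytes) != (remote.life_hours, remote.life_kbytes):
        warnings.append("key lifetimes differ; the shorter limit decides when rekeying happens")
    for name, p in (("local", local), ("remote", remote)):
        if p.life_hours == 0 and p.life_kbytes == 0:
            warnings.append(f"{name}: both limits are 0, the Phase 2 key never expires")
    return warnings


def seconds_until_rekey(p: Phase2Proposal, bytes_per_second: float) -> Optional[float]:
    """Seconds until the Phase 2 key is renegotiated at a steady traffic rate.

    Whichever of the two limits is reached first triggers the rekey. A limit
    set to 0 is not used. None means no limit applies at this rate, i.e. the
    key would never be renegotiated.
    """
    candidates = []
    if p.life_hours > 0:
        candidates.append(p.life_hours * 3600.0)
    if p.life_kbytes > 0 and bytes_per_second > 0:
        candidates.append(p.life_kbytes * 1024.0 / bytes_per_second)  # assumes 1 KB = 1024 bytes
    return min(candidates) if candidates else None


if __name__ == "__main__":
    # Constructed sample proposals: the remote gateway was configured without PFS.
    local = Phase2Proposal("SHA256", "AES256", pfs_group=14, life_hours=24, life_kbytes=0)
    remote = Phase2Proposal("SHA256", "AES256", pfs_group=None, life_hours=8, life_kbytes=0)
    for line in phase2_mismatches(local, remote) + lifetime_warnings(local, remote):
        print("problem:", line)
    print("rekey after", seconds_until_rekey(local, 1_000_000), "seconds at 1 MB/s")
```

Run it against the two gateways' settings before bringing the tunnel up: a non-empty result from phase2_mismatches is the same mismatch the gateways would log when Phase 2 fails, and lifetime_warnings catches the "both zero" case that the settings page accepts without complaint.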