VPN settings
Define settings requested for remote access using SSL VPN and L2TP. These include protocols, server certificates, and IP addresses for clients.
SSL VPN
- Protocol
- Protocol that all SSL VPN clients must use. TCP is recommended for applications that require high reliability such as email, web surfing, and FTP. UDP is suitable for applications that need fast, efficient transmission such as streaming media, DNS, VoIP, and TFTP.
- SSL server certificate
- Certificate to be used by the SSL VPN server to identify itself to clients.
- Override hostname
- Hostname to use if the firewall hostname is not reachable. Leave this field empty if you want the firewall hostname to be the target hostname for client VPN connections.
- Port
- If required, change the port number on which the SSL VPN server is listening. You can use the same port (for example, 443) for secure connections to the user portal and SSL VPN connections that use TCP.
- IPv4 lease range
- IPv4 address range for SSL clients. This should be a private IP address range.
- Subnet mask
- Subnet mask to use for the IPv4 address range.
- IPv6 lease (IPv6 prefix)
- IPv6 address range for SSL clients.
- Lease mode
- Allocate only IPv4 addresses or both IPv4 and IPv6 addresses.
- IPv4 DNS
- Primary and secondary DNS servers for your organization.
- IPv4 WINS
- Primary and secondary Windows Internet Naming Service (WINS) servers for your organization.
- Domain name
- Hostname of the firewall. Must be specified as a fully qualified domain name (FQDN). The hostname is used in notification messages to identify the firewall.
- Disconnect dead peer after
- Time, in seconds, after which a dead connection will be terminated by the firewall.
- Disconnect idle peer after
- Time, in minutes, after which an idle connection will be terminated by the firewall.
- Encryption algorithm
- Algorithm to use for encrypting the data sent through the VPN tunnel.
- Authentication algorithm
- Algorithm to use for authenticating messages.
- Key size
- Key size, in bits. Longer keys are more secure.
- Key lifetime
- Time, in seconds, after which keys will expire.
- Compress SSL VPN traffic
- Compress data sent through SSL VPN tunnels prior to encryption.
- Enable debug mode
- Provide extended information in the SSL VPN log file that is useful for debugging purposes.
L2TP
- To allow users to access your network through L2TP, specify settings and click Apply. Then, click Add members and select users.
- To view users who are allowed access using L2TP, click Show members.
- Enable L2TP
- Allow access to your network by specified users through L2TP.
- Assign IP from
- Range from which an address will be leased to the client. The client uses the assigned address for the duration of the connection. This must be a private IP address range with at least a 24-bit netmask. Note: L2TP and PPTP ranges must not overlap.
- Allow leasing IP address from RADIUS server for L2TP, PPTP, and Sophos Connect client
- When users are authenticated on a RADIUS server, use the IP address provided by the RADIUS server. If no addresses are provided by the RADIUS server, the static address configured for the user will be assigned or an address will be leased from the specified range.
- Client information
- Primary DNS server to use for connections. Optionally, you can specify a secondary DNS server and WINS servers.
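As an added configuration check (example code, not part of the firewall documentation), the script below validates constructed sample lease settings against the rules stated on this page: client ranges must be private address space, the L2TP range must fit a 24-bit netmask (read here as lying inside a single /24), and the L2TP and PPTP ranges must not overlap. All addresses are placeholders.

```python
import ipaddress

# Constructed sample values for the settings described above (placeholders,
# not values from any real deployment).
SSL_VPN_LEASE = ("10.81.234.0", "255.255.255.0")  # IPv4 lease range, subnet mask
L2TP_RANGE = ("10.81.235.1", "10.81.235.254")     # L2TP "Assign IP from" range
PPTP_RANGE = ("10.81.236.1", "10.81.236.254")     # PPTP range, must not overlap L2TP


def lease_network(address, mask):
    """Combine an SSL VPN lease address and dotted subnet mask into a network."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def range_blocks(start, end):
    """Summarise a start-end lease range into the CIDR blocks it covers."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))


def is_private_range(start, end):
    """Every block of the range must be private (RFC 1918 and similar) space."""
    return all(block.is_private for block in range_blocks(start, end))


def fits_24bit_netmask(start, end):
    """'At least a 24-bit netmask' read as: the range lies inside one /24."""
    first = ipaddress.ip_network(f"{start}/24", strict=False)
    return ipaddress.ip_address(end) in first


def ranges_overlap(range_a, range_b):
    """True if the two start-end ranges share any address."""
    return any(a.overlaps(b)
               for a in range_blocks(*range_a)
               for b in range_blocks(*range_b))


def validate_lease_settings(ssl_lease, l2tp, pptp):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    ssl_net = lease_network(*ssl_lease)
    if not ssl_net.is_private:
        findings.append(f"SSL VPN lease {ssl_net} is not a private range")
    if not is_private_range(*l2tp):
        findings.append(f"L2TP range {l2tp} is not a private range")
    if not fits_24bit_netmask(*l2tp):
        findings.append(f"L2TP range {l2tp} exceeds a 24-bit netmask")
    if ranges_overlap(l2tp, pptp):
        findings.append("L2TP and PPTP ranges overlap")
    return findings
```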