Filter
Top Products
184
SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE
C
HAPTER
30:
Configuring Advanced VPN Settings
• Enable Fragmented Packet Handling - If the VPN log report shows the log message
“Fragmented IPSec packet dropped”, select this feature. Do not select it until the VPN tunnel is
established and in operation.
Ignore DF (Don't Fragment) Bit - when you select Enable Fragmented Packet Handling, the
Ignore DF (Don't Fragment) Bit setting becomes active.
• Enable NAT Traversal - Select this setting is a NAT device is located between your VPN
endpoints. IPSec VPNs protect traffic exchanged between authenticated endpoints, but
authenticated endpoints cannot be dynamically re-mapped mid-session for NAT traversal to work.
Therefore, to preserve a dynamic NAT binding for the life of an IPSec session, a 1-byte UDP is
designated as a “NAT Traversal keepalive” and acts as a “heartbeat” sent by the VPN device
behind the NAT or NAPT device. The “keepalive” is silently discarded by the IPSec peer.
• Clean up Active Tunnels when Peer Gateway DNS names resolves to a different IP address
- Breaks down SAs associated with old IP addresses and reconnects to the peer gateway.