Configure L2TP IPSec Phase 1 Advanced Settings
To change advanced IPSec Phase 1 settings in the Mobile VPN with L2TP configuration:
- Select VPN > Mobile VPN with L2TP.
- Click Configure.
The Mobile VPN with L2TP page appears.
- Select the IPSec tab.
- Select the Phase 1 Settings tab.
- In the Advanced section, configure the advanced settings.
- If you want to build a VPN tunnel between the XTM device and L2TP VPN clients that are behind a NAT device, select the NAT Traversal check box. NAT Traversal, or UDP Encapsulation, enables traffic to get to the correct destinations.
- In the Keep-alive interval text box, type or select the number of seconds that pass before the next NAT keep-alive message is sent.
Dead Peer Detection (RFC3706)
- Use the Dead Peer Detection check box to enable or disable traffic-based dead peer detection. When you enable dead peer detection, the XTM device connects to a peer only if no traffic is received from the peer for a specified length of time and a packet is waiting to be sent to the peer. This method is more scalable than IKE keep-alive messages.
- In the Traffic idle timeout text box, type or select the amount of time (in seconds) that passes before the XTM device tries to connect to the peer.
- In the Max retries text box, type or select the number of times the XTM device tries to connect before the peer is declared dead.
Dead Peer Detection is an industry standard that is used by most VPN clients that support IPSec. We recommend that you select Dead Peer Detection if your L2TP VPN clients support it.
Edit the Mobile VPN with L2TP Configuration