Appendix A - Creating and Deploying the Default.rcf File for Global VPN Clients Page 43
<Peer>
Defines the peer settings for a VPN connection. A VPN connection can support up to 5 peers.
Alert! A special case of Host Name is for an Office Gateway scenario. If you want to use the Default Gateway as the host name, use the exact text &lt;Default Gateway&gt;, including the semicolons and ampersands. In this case, you must also set the tag <UseDefaultGWAsPeerIP>=1.
<HostName>IP Address/Domain Name</HostName>
The IP address or domain name of the SonicWALL gateway.
<EnableDeadPeerDetection>Off=0/On=1</EnableDeadPeerDetection>
Enables detection of a Peer that stops responding to traffic. When enabled, the client sends a Vendor ID to the SonicWALL during IKE negotiation to enable Dead Peer Detection heartbeat traffic.
Alert! NAT Traversal - The implementation options for NAT Traversal were changed in Global VPN Client 2.x. In Global VPN Client releases prior to 2.x, there were checkboxes for Forcing or Disabling NAT Traversal. With Global VPN Client 2.x and later, there is now a drop-down selection list containing the following three items:
• Automatic - Detects if NAT Traversal is on or off.
• Forced On - Forces NAT Traversal On.
• Disabled - Forces NAT Traversal Off.
To specify Automatic in a custom default.rcf file, set ForceNATTraversal and DisableNATTraversal to 0, or do not list these tags at all.
<ForceNATTraversal>[Off=0]/On=1</ForceNATTraversal>
Forces NAT traversal even without a NAT device in the middle. Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete.
<DisableNATTraversal>[Off=0]/On=1</DisableNATTraversal>
Disables NAT traversal even without a NAT device in the middle. Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete.
<NextHop>IP Address</NextHop>
The IP Address of the next hop for this connection. This is ONLY used if there is a need to use a next hop that is different from the default gateway.
<Timeout>3</Timeout>
Defines the timeout value in seconds for packet retransmissions. The minimum <Timeout> value is 1 second and the maximum value is 10 seconds.
<Retries>3</Retries>
Number of times to retry packet retransmissions before the connection is considered dead. The minimum <Retries> value is 1 and the maximum value is 10.
<UseDefaultGWAsPeerIP>[Off=0]/On=1</UseDefaultGWAsPeerIP>
Specifies that the PC's Default Gateway IP Address is used as the Peer IP Address.
<InterfaceSelection>Automatically selects the connection based on link and IP detection=0/Connection always uses LAN=1/Connection always uses Dial-Up=2</InterfaceSelection>
Forces the interface selection for the VPN connection.
<WaitForSourceIP>Off=0/[On=1]</WaitForSourceIP>
Specifies that packets are to be sent when a local source IP address is available.
<DialupUseMicrosoftDUN>3rd Party=0/[Microsoft=1]</DialupUseMicrosoftDUN>
Instructs the Global VPN Client to use either Microsoft or a third party Dialup connection.
<DialupApp>c:\Program Files\Windows NT\dialer.exe</DialupApp>
Specifies the directory path to a third party Dialup connection application, including the application name.
<DialupPhonebook>MSN Office Network/[Prompt When Necessary]</DialupPhonebook>
Specifies the name of the Microsoft Dialup connection as listed in Network and Dial-up Connections for the local computer.
<DialupLeaveConnected>[Off=0]/On=1</DialupLeaveConnected>
Instructs the Global VPN Client to leave the dialup connection logged in when the Global VPN Client is not connected.
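A pre-deployment check of the <Peer> settings described above, as an added example that is not part of the SonicWALL documentation or tooling. The <Connection> wrapper, the sample values and the function name lint_peers are constructed for illustration, and treating ForceNATTraversal and DisableNATTraversal both set to 1 as a conflict is this example's assumption, since the guide defines only the three states Automatic, Forced On and Disabled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <Connection> wrapper and all values are illustrative.
SAMPLE = """<Connection>
  <Peer>
    <HostName>&lt;Default Gateway&gt;</HostName>
    <ForceNATTraversal>1</ForceNATTraversal>
    <DisableNATTraversal>1</DisableNATTraversal>
    <Timeout>30</Timeout>
    <Retries>3</Retries>
  </Peer>
  <Peer>
    <HostName>vpn.example.com</HostName>
    <Timeout>3</Timeout>
    <Retries>3</Retries>
  </Peer>
</Connection>"""

MAX_PEERS = 5                                     # "up to 5 peers"
RANGES = {"Timeout": (1, 10), "Retries": (1, 10)}  # documented min/max
FLAGS = ("EnableDeadPeerDetection", "ForceNATTraversal", "DisableNATTraversal",
         "UseDefaultGWAsPeerIP", "WaitForSourceIP")  # 0/1 tags

def lint_peers(xml_text):
    """Return (peer_index, message) findings; index 0 means the whole file."""
    peers = ET.fromstring(xml_text).findall(".//Peer")
    findings = []
    if len(peers) > MAX_PEERS:
        findings.append((0, f"{len(peers)} peers defined, maximum is {MAX_PEERS}"))
    for i, peer in enumerate(peers, 1):
        get = lambda tag: (peer.findtext(tag) or "").strip()
        if not get("HostName"):
            findings.append((i, "HostName is missing or empty"))
        for tag in FLAGS:
            if get(tag) not in ("", "0", "1"):
                findings.append((i, f"{tag} must be 0 or 1"))
        for tag, (lo, hi) in RANGES.items():
            val = get(tag)
            if val and not (val.isdigit() and lo <= int(val) <= hi):
                findings.append((i, f"{tag}={val} outside {lo}-{hi}"))
        # The XML parser decodes &lt;Default Gateway&gt; to <Default Gateway>.
        if get("HostName") == "<Default Gateway>" and get("UseDefaultGWAsPeerIP") != "1":
            findings.append((i, "<Default Gateway> host requires UseDefaultGWAsPeerIP=1"))
        # Assumption of this example: both NAT flags on is contradictory.
        if get("ForceNATTraversal") == "1" and get("DisableNATTraversal") == "1":
            findings.append((i, "ForceNATTraversal and DisableNATTraversal both set"))
    return findings
```

Calling lint_peers(SAMPLE) reports three findings, all against the first peer; the second peer is clean.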