Barracuda Networks VERSION SP4 144 VPN Component Configuration, Tunnel Settings section:

144 VPN Component Configuration

Tunnel Settings section:

Encryption algorithm

[AES]

The algorithm to be used for encryption.

Tunnel Mode

[Response (UDP)]

The protocol to be used for tunnel traffic. The available options depend on the chosen proxy type:

- Response (UDP) for Socks 5

- Reliability (TCP) for HTTP Proxy and Socks 4

- Selecting No Proxy gives access to both protocol types and offers an additional one called Optimized

(Hybrid) indicating a combination of Response (UDP) and Reliability (TCP).

List 10–6 Advanced Settings tab – Tunnel Settings section

Parameter Description

Virtual Adapter Configuration

[Default: Direct assignment]

The method to be used for gathering IP addresses.

- Direct assignment - uses WMI (Windows Management Instrumentation) for assigning the IP address;

recommended if DHCP is not available due to security aspects.

- Use internal DHCP assignment - uses the integrated DHCP (Dynamic Host Configuration Protocol) for

assigning the IP address

- Assign IP address manually - IP address is entered manually in NIC properties

Compression

[Yes]

Yes triggers the Barracuda NG VPN Client to request compressed traffic. The server may or may not accept

the request depending on both its configuration and the license type assigned to the VPN client. Client

compression is only available to those clients that have assigned a secure connector license.

Note:

The gateway hosting the VPN server must hold a valid BOB license to use this feature. Refer to the

respective product guide for licensing details.

Note:

To activate compression operability, the VPN Service needs to be restarted after BOB license installation.

Use Access Control Service Validate the client��s status through the Access Control Service before a VPN connection is established.

NAC intercept VPN connection

[Default: Yes]

Configure here whether the Health Agent should intercept the VPN connection phase or wait until a VPN

connection is established. Recommended value: No.

Access Control Timeout [Default: 30] Timeout value in seconds for the VPN Service to wait for the Health Agent. Recommended value: 30.

WLAN Roaming [Default: Yes] Different IP addresses from the same profile are tried if a connection breaks. Recommended value: Yes.

Fast Reconnect [Default: Yes] Choose here whether to be prompted for user name and password on every connection attempt or not,

enabling seamless automatic reconnecting. This is also important in conjunction with one-time passwords.

Recommended value: Yes.

Reconnect immidiately Reconnect immidiately upon a connection break if set to Yes.

One Time Password

[No]

The behavior for reconnecting.

If set to Yes, then the password is queried anew when reconnecting.

If set to no, then reconnection is automatically performed without a password query.

Allow ENA Connection

[Yes]

Allows/blocks ENA (Exclusive Network Access) connections.

Note:

For successful VPN connection establishment between a server forcing ENA and a client, this value must be

set to Yes. Otherwise, no connection is possible.

Allow Sending Offline Rule Set

[Yes]

Enable the client to receive and use offline firewall rulesets from the VPN server. Offline firewall rulesets are

effective as long as no VPN connection is active.

Silent Mode (No Keep Alive)

[No]

Break all non-relevant communication over the VPN tunnel (for example for dial-up connections).

Keep alive (seconds)

[10]

The time value in seconds to keep an idle VPN tunnel alive.

Soft Hearbeat [Default: No] IKeep a VPN tunnel up by interpreting normal VPN traffic as keepalive traffic. Useful if the special keepalive

packets are dropped somewhere between client and server.

Enable VPN Tunnel Probing [Default:

Yes]

Probe a VPN tunnel prior to establishing a VPN connection. If this is set to Yes, the reachability of configured

IP addresses will be tested prior to establishing a tunnel. Recommended value: Yes.

Check Round Trip Time (RTT)

[Default: Yes]

Setting this to Yes will activate automatic selecting of the fastest VPN server by measuring the roundtrip

times of all available servers prior to connecting if more than one server IP address has been configured in

the profile. Recommended value: Yes.

List 10–5 Advanced Settings tab – Data integrity and encryption (ESP) section

Parameter Description