Configure L2TP IPSec Phase 1 Advanced Settings
Fireware Web UI:
- (Fireware v12.3 or higher) Select VPN > Mobile VPN. In the L2TP section, click Configure.
- (Fireware v12.2.2 or lower) Select VPN > Mobile VPN with L2TP. Click Configure.
The Mobile VPN with L2TP page appears.
- Select the IPSec tab.
- Select the Phase 1 Settings tab.
- In the Advanced section, configure the advanced settings as described below.
Policy Manager:
- Select VPN > Mobile VPN > L2TP.
The Mobile VPN with L2TP Configuration dialog box appears.
- Select the IPSec tab.
- Select the Phase 1 Settings tab.
- Click Advanced.
The Phase 1 Advanced Settings dialog box appears.
- Configure the advanced settings as described below.
Phase 1 Advanced Settings:
NAT Traversal
- If you want to build a VPN tunnel between the Firebox and L2TP VPN clients that are behind a NAT device, select the NAT Traversal check box. NAT Traversal, or UDP Encapsulation, enables traffic to get to the correct destinations.
- In the Keep-alive interval text box, type or select the number of seconds that pass before the next NAT keep-alive message is sent.
Dead Peer Detection (RFC 3706)
- Use the Dead Peer Detection check box to enable or disable traffic-based dead peer detection. When you enable dead peer detection, the Firebox connects to a peer only if no traffic is received from the peer for a specified length of time and a packet is waiting to be sent to the peer. This method is more scalable than IKE keep-alive messages.
- In the Traffic idle timeout text box, type or select the amount of time (in seconds) that passes before the Firebox tries to connect to the peer.
- In the Max retries text box, type or select the number of times the Firebox tries to connect before the peer is declared dead.
Dead Peer Detection is an industry standard that is used by most VPN clients that support IPSec. We recommend that you select Dead Peer Detection if your L2TP VPN clients support it.
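The traffic-based dead peer detection decision described above, as an added simulation that is not WatchGuard's code: a probe is considered only when the peer has been idle longer than the Traffic idle timeout and a packet is waiting to be sent, and the peer is declared dead once Max retries probes go unanswered. The timer values and the retry interval between unanswered probes are assumptions for the example, not Fireware defaults.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed model of traffic-based DPD (RFC 3706) as the page describes it.
# Timer values are assumptions for the simulation, not Fireware defaults; the
# retry interval is not a page setting and is assumed here.

@dataclass
class DpdPeer:
    traffic_idle_timeout: float   # seconds without inbound traffic before probing
    max_retries: int              # unanswered probes before the peer is declared dead
    retry_interval: float = 5.0   # assumed wait between unanswered probes
    last_rx: float = 0.0          # time of the last packet received from the peer
    last_probe: float = -1e9      # time of the last probe sent
    retries: int = 0
    dead: bool = False

    def on_receive(self, now: float) -> None:
        # Any inbound traffic proves the peer is alive; the retry count resets.
        if not self.dead:
            self.last_rx = now
            self.retries = 0

    def on_send(self, now: float) -> str:
        # Called when a packet is waiting to be sent. A probe is only considered
        # when the peer has been silent longer than the idle timeout AND there
        # is outbound traffic pending; otherwise the packet is just sent.
        if self.dead:
            return "dead"
        if now - self.last_rx < self.traffic_idle_timeout:
            return "send"
        if now - self.last_probe < self.retry_interval:
            return "wait"               # a probe is already outstanding
        if self.retries >= self.max_retries:
            self.dead = True            # max retries exhausted: peer declared dead
            return "dead"
        self.retries += 1
        self.last_probe = now
        return "probe"

def simulate(events: List[Tuple[float, str]], idle_timeout: float = 20.0,
             max_retries: int = 3) -> List[Tuple[float, str]]:
    # events: (time, "rx" | "tx"); returns the action taken at each event.
    peer = DpdPeer(idle_timeout, max_retries)
    log = []
    for t, kind in events:
        if kind == "rx":
            peer.on_receive(t)
            log.append((t, "rx"))
        else:
            log.append((t, peer.on_send(t)))
    return log
```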