Owner manual
Table Of Contents
- WatchGuard®Mobile VPN with IPSec Administrator Guide
- 1 Configure the Firebox X Edge to use Mobile VPN with IPSec
- 2 Using Fireware Policy Manager to Configure Mobile VPN with IPSec
- Before You Begin
- About Mobile VPN Client Configuration Files
- Configuring the Firebox for Mobile VPN
- Modifying an Existing Mobile VPN Profile
- Configuring WINS and DNS Servers
- Locking Down an End-User Profile
- Configuring Policies to Filter Mobile VPN Traffic
- Re-creating End-User Profiles
- Saving the Profile to a Firebox
- Distributing the Software and Profiles
- Additional Mobile VPN Topics
- 3 Mobile VPN Client Installation and Connection
Administrator Guide 7
2
Using Fireware Policy Manager to
Configure Mobile VPN with IPSec
The WatchGuard® Mobile VPN with IPSec client is a software application that is installed on a remote
computer. The client makes a secure connection from the remote computer to your protected network
through an unsecured network. The Mobile VPN client uses Internet Protocol Security (IPSec) to secure
the connection.
This document gives basic configuration instructions on how to configure a Mobile VPN tunnel
between the WatchGuard Mobile VPN with IPSec client and a Firebox® X Core or Peak device running
Fireware®.
Before You Begin
Before you begin, make sure you understand:
• Because strict export restrictions are put on exported high encryption software, WatchGuard®
System Manager is available with two encryption levels. You must make sure you download and
use WatchGuard System Manager with strong encryption when you use Mobile VPN with IPSec,
because the IPSec standard requires 56-bit (medium) encryption at a minimum.
• You can install the Mobile VPN with IPSec client software on any computer running Windows
2000 Professional, Windows XP (32-bit) or Windows Vista (32-bit and 64-bit). Before you install
the client software, make sure the remote computer does not have any other IPSec mobile user
VPN client software installed. You must also uninstall any desktop firewall software (other than
Microsoft firewall software) from each remote computer.
• If the Mobile VPN with IPsec client software is installed on a computer with Windows Vista and
the Windows Vista Firewall is in use, you must add a firewall exception
(Control Panel > Security > Windows Firewall > Change Settings > Exceptions) for UDP port
4500. This will allow Mobile VPN keep-alive packets from the Firebox® to reach your client and
keep the VPN tunnel up.