WatchGuard Technologies V10.0 manual Configuring the external authentication server


Configuring the Firebox for Mobile VPN

8. Create the virtual IP address pool: Click Add to add one IP address or an IP address range. Repeat this step to add more virtual IP addresses.

Mobile VPN users will be assigned one of these IP addresses when they connect to your network. The number of IP addresses should be the same as the number of Mobile VPN users. If High Availability is configured, you must add two virtual IP addresses for each Mobile VPN user. The IP addresses cannot be used for anything else on your network.

9. Click Finish. The Remote User VPN Configuration dialog box appears. Click OK to close. The Mobile VPN client profile is saved in Documents and Settings\All Users\Shared WatchGuard\muvpn\ip_address\config_name\wgx\config_name.wgx.

Configuring the external authentication server

If you create a Mobile VPN user group that authenticates to a third-party server, make sure you create a group on the server that has the same name as the Mobile VPN group name entered in the wizard. For RADIUS or SecurID, make sure that the RADIUS server sends a Filter-Id attribute (RADIUS attribute #11) when a user successfully authenticates, to tell the Firebox what group the user belongs to. The value for the Filter-Id attribute must match the name of the Mobile VPN group as it appears in Policy Manager.

All Mobile VPN users that authenticate to the server must belong to this group.
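
The Filter-Id requirement above can be checked against a captured Access-Accept reply from the RADIUS server. The following Python code is an added example, not part of the WatchGuard guide: it parses the attributes as laid out in RFC 2865 and compares Filter-Id (type 11) with the expected group name. The group name MUVPN_Sales, the sample packets, and the exact, case-sensitive comparison are assumptions.

```python
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code for Access-Accept (RFC 2865)
FILTER_ID = 11     # attribute the Firebox reads the group name from

def parse_attributes(packet: bytes):
    """Return [(type, value)] for the attributes of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of range")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def check_filter_id(packet: bytes, group: str) -> str:
    """Classify a reply: ok, mismatch, missing or not-access-accept."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        return "not-access-accept"
    values = [v.decode("utf-8", "replace") for t, v in attrs if t == FILTER_ID]
    if not values:
        return "missing"
    # Assumption: the name must match exactly, including case.
    return "ok" if group in values else "mismatch"

def build_packet(code: int, attrs) -> bytes:
    """Build a constructed sample packet (authenticator zeroed, not verified)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    group = "MUVPN_Sales"  # hypothetical Mobile VPN group name
    samples = {
        "matching group": build_packet(2, [(FILTER_ID, b"MUVPN_Sales")]),
        "wrong case": build_packet(2, [(FILTER_ID, b"muvpn_sales")]),
        "no Filter-Id": build_packet(2, [(18, b"Welcome")]),  # 18 = Reply-Message
        "Access-Reject": build_packet(3, []),
    }
    for label, pkt in samples.items():
        print(f"{label}: {check_filter_id(pkt, group)}")
```

A "missing" or "mismatch" result points at the RADIUS server's reply policy rather than at the Firebox configuration.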

Administrator Guide
