WatchGuard Technologies V10.0 manual Defining advanced Phase 1 settings


Modifying an Existing Mobile VPN Profile

Defining advanced Phase 1 settings

To define advanced Phase 1 settings for a Mobile VPN user profile:

1. From the IPSec Tunnel tab of the Edit MUVPN Extended Authentication Group dialog box, select Advanced.

The Phase1 Advanced Settings dialog box appears.

2. To change the SA (security association) lifetime, type a number in the SA Life field, and select Hour or Minute from the drop-down list.

3. From the Key Group drop-down list, select the Diffie-Hellman group you want. WatchGuard supports groups 1, 2, and 5.

Diffie-Hellman groups determine the strength of the master key used in the key exchange process. The higher the group number, the greater the security, but the more time is required to make the keys.

4. If you want to build a Mobile VPN tunnel between the Firebox and another device that is behind a NAT device, select the NAT Traversal check box. NAT Traversal, or UDP Encapsulation, allows traffic to get to the correct destinations. To set the Keep-alive interval, type the number of seconds or use the value control to select the number of seconds you want.

5. You must select the IKE Keep-alive check box to have the Firebox send messages to its IKE peer to keep the tunnel open. If you disable the IKE Keep-alive feature, the Mobile VPN client will not be able to connect to the Firebox.

To set the Message interval, type the number of seconds or use the value control to select the number of seconds you want.

6. To set the maximum number of times the Firebox tries to send an IKE keep-alive message before it tries to negotiate Phase 1 again, type the number you want in the Max failures box.

7. Click OK.

Defining advanced Phase 2 settings

To define advanced Phase 2 settings for a Mobile VPN user profile:

1. From the IPSec Tunnel tab of the Edit MUVPN Extended Authentication Group dialog box, select Proposal.

The Phase2 Proposal dialog box appears.
