Using DVCP to connect to devices
• IP network addresses for the networks communicating with one another.
• A common passphrase, known as a shared secret.
• For WatchGuard VPN only, the local VPN IP address of each Firebox. It must be selected from a reserved network address that is not in use on either of the networks being connected. For more information, see RFC 1918 or “Setting Up Network Address Translation” on page 63.
Both ends of the tunnel must use the same encryption method.
Using DVCP to connect to devices
Dynamic VPN Configuration Protocol (DVCP) is the
How does DVCP work?
The DVCP option causes the Firebox to act as a server. SOHOs can be DVCP clients, and Fireboxes can either be DVCP clients or servers. The DVCP server maintains the connections between two devices by storing all policy
You use the DVCP Client Wizard to configure a device as a DVCP server and then create tunnels to each client Firebox or SOHO. The clients then contact the server and automatically download the information needed for them to connect securely.
Basic and Enhanced DVCP
WatchGuard offers two types of DVCP:
Basic DVCP simplifies establishing VPN tunnels between SOHO units and Fireboxes. It cannot manage tunnels between two Fireboxes.
Enhanced DVCP manages tunnels between any two WatchGuard devices: SOHO to Firebox, Firebox to Firebox, and so on. Enhanced DVCP is available only if the VPN Manager 2.0 option is installed.
Creating a tunnel to a SOHO or SOHOtc
The tunnels you create for SOHO clients must be completely distinct from any tunnel created for branch office VPN. In other words, no addresses in the DVCP client policy should be in the same address range as any branch office policy.
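The following Python script is an added example, not part of the WatchGuard documentation or software. It checks the two addressing rules stated in this section before you enter values in the wizard: that a proposed local VPN IP address comes from an RFC 1918 reserved range and is not on either connected network, and that no DVCP client policy shares an address range with a branch office policy. The function names, policy names and addresses are hypothetical, and "in use" is assumed to mean "falls inside either network's address range".

```python
import ipaddress

# The three private address blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_local_vpn_ip(vpn_ip, connected_networks):
    """Return a list of problems with a proposed local VPN IP address."""
    ip = ipaddress.ip_address(vpn_ip)
    problems = []
    if not any(ip in block for block in RFC1918):
        problems.append(f"{ip} is not in an RFC 1918 reserved range")
    for net in connected_networks:
        network = ipaddress.ip_network(net, strict=False)
        if ip in network:  # assumption: inside the range counts as "in use"
            problems.append(f"{ip} is inside connected network {network}")
    return problems


def find_policy_overlaps(dvcp_policies, branch_office_policies):
    """Return (dvcp_name, bovpn_name, dvcp_net, bovpn_net) for each overlap."""
    overlaps = []
    for d_name, d_nets in dvcp_policies.items():
        for b_name, b_nets in branch_office_policies.items():
            for d in d_nets:
                for b in b_nets:
                    d_net = ipaddress.ip_network(d, strict=False)
                    b_net = ipaddress.ip_network(b, strict=False)
                    if d_net.overlaps(b_net):
                        overlaps.append((d_name, b_name, str(d_net), str(b_net)))
    return overlaps


# Constructed sample data (hypothetical names and ranges, not from the manual).
DVCP_POLICIES = {
    "soho-store-12": ["192.168.112.0/24"],
    "soho-home-ceo": ["10.20.5.0/25"],
}
BRANCH_OFFICE_POLICIES = {
    "bovpn-hq-to-plant": ["10.20.0.0/16", "172.16.8.0/22"],
}

if __name__ == "__main__":
    for problem in check_local_vpn_ip("10.20.5.1", ["10.20.0.0/16", "192.168.1.0/24"]):
        print("VPN IP:", problem)
    for hit in find_policy_overlaps(DVCP_POLICIES, BRANCH_OFFICE_POLICIES):
        print("overlap:", hit)
```

An empty result from both functions means the proposed addressing satisfies both rules; any reported overlap should be resolved by renumbering before the tunnel is created.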