Configuring the Firebox for Mobile User VPN
From the Remote User Setup dialog box:
1Click the PPTP tab.
2 Click Add.
3Use the Choose Type drop list to select either a host or network.
You can configure up to 50 addresses. If you select a network address, Remote User PPTP will use the first 50 addresses in the subnet.
4In the Value field, enter the host or network address in slash notation. Click OK.
Enter unused IP addresses that the Firebox can dynamically assign to clients during Remote User PPTP sessions. Selected addresses must not appear in the Blocked Sites list. The IP address appears in the list of addresses available to remote clients.
5Repeat the add process until you have configured all addresses for use with Remote User PPTP.
Rules for valid Remote User PPTP addresses
•Addresses that have host routes are invalid
•Traffic routed through the default gateway does not receive proxy ARP treatment
•Addresses whose packets would be routed through the External interface (but not through the default gateway) are invalid
•Addresses in networks to which you have routes are invalid (except those that are routed through default route)
•Any other packets are allowed and handled by proxy ARP
Configuring the Firebox for Mobile User VPN
Mobile User VPN requires careful configuration of both the Firebox and the remote client computers. However, unlike Remote User PPTP, the Firebox administrator retains more control over the client configuration through an
•Obtain a license key from WatchGuard
•Add user names to the
•Enter the IPSec license key into the Firebox configuration file
•Verify WINS and DNS server settings
•Use Policy Manager to simultaneously configure the Firebox and create end- user configuration files
•Configure service properties using ipsec_users
•Distribute the
Purchasing a Mobile User VPN license
WatchGuard Mobile User VPN is an optional feature of the WatchGuard Firebox System. Although the administrative tools to configure Mobile User VPN are
User Guide | 137 |