Configuring the Firebox for Mobile User VPN

automatically included in the Policy Manager software, to activate the feature a license for each installation of the client software must be purchased. To purchase IPSec license keys, contact your local reseller or visit:

http://www.watchguard.com/sales

Entering license keys

The first step in configuring the Firebox for Mobile User VPN is to enter the license key(s) into the Firebox configuration file. The Firebox automatically restricts the number of Mobile User VPN connections to the sum of the number of seats each license key provides. From Policy Manager:

1. Select Network => Remote User. Click the Mobile User Licenses tab.

2. Enter the license key in the text field to the left of the Add button. Click Add.

The license key appears in the list of client licenses configured for use with the Firebox. Repeat the add-license process until you have added all of your keys.

Preparing Mobile User VPN configuration files

With Mobile User VPN, the network security administrator controls end-user configuration settings. Use Policy Manager to define an end-user and generate a configuration file with the extension .exp. The .exp file contains the shared key, user identification, IP addresses, and settings required to create a secure tunnel between the remote computer and the Firebox.

Defining a new mobile user

From Policy Manager:

1. Select Network => Remote User. Click the Mobile User VPN tab.

2. Click Add.

The Mobile User VPN wizard appears.

3. Click Next.

4. Use the Select User Name drop list to select a user.

The only names that appear in the drop list are users who have not already been configured for Mobile User VPN. To add a new user, click Add New. For more information on adding a new user, see “Adding a member to built-in RUVPN user groups” on page 134.

5. Enter the shared key.

The shared key is not the same as the Firebox Users authentication password. However, you can enter the same value for both the key and the password.

6. Click Next.

The Allowed Resource and Virtual IP Address form appears. By default, the IP address of the Trusted network appears in the Allow User Access To field. This provides the Mobile User VPN user with access to the Trusted network.

7. Enter the end-user virtual IP address. Click Next.

8. Use the Type drop list to select an encryption method.

Options include: ESP (Encapsulated Security Protocol) and/or AH (Authenticated Headers) or AH Only.

9. Use the Authentication drop list to select an authentication method.

Options include: None (no authentication), MD5-HMAC (128-bit algorithm), or SHA1-HMAC (160-bit algorithm).
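What the Authentication choice in step 9 means for a packet, as an added example (not from the WatchGuard manual or software): each method is applied to a constructed packet, then a modified copy is checked against the original integrity value. Assumptions: the key and packets are constructed samples, the HMAC covers only the payload bytes, and the value is truncated to 96 bits as IPSec does per RFC 2403 and RFC 2404.

```python
import hashlib
import hmac

# Digest sizes match the manual's figures: MD5 = 128 bits, SHA-1 = 160 bits.
ALGORITHMS = {"MD5-HMAC": hashlib.md5, "SHA1-HMAC": hashlib.sha1}
ICV_LEN = 12  # IPSec (RFC 2403/2404) sends only the first 96 bits of the HMAC


def compute_icv(method, key, packet):
    """Return the integrity check value (ICV) for a packet, or b"" for None."""
    if method == "None":
        return b""  # no authentication: nothing is attached to the packet
    return hmac.new(key, packet, ALGORITHMS[method]).digest()[:ICV_LEN]


def verify_packet(method, key, packet, icv):
    """Receiver-side check: True when the packet would be accepted."""
    if method == "None":
        return True  # nothing to verify, so a modified packet passes as well
    # Constant-time comparison avoids leaking how many ICV bytes matched.
    return hmac.compare_digest(compute_icv(method, key, packet), icv)


def tamper_report(key, packet, tampered):
    """For each method, report whether a modified packet would be accepted."""
    report = {}
    for method in ("None", "MD5-HMAC", "SHA1-HMAC"):
        icv = compute_icv(method, key, packet)  # sender computes the ICV
        report[method] = verify_packet(method, key, tampered, icv)
    return report


# Constructed sample data (assumptions for illustration, not from the manual).
# In a real tunnel the HMAC key is negotiated per session, not typed in directly.
SAMPLE_KEY = b"constructed-sample-key"
SAMPLE_PACKET = b"GET /payroll HTTP/1.0\r\n\r\n"
SAMPLE_TAMPERED = b"GET /payrolX HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    report = tamper_report(SAMPLE_KEY, SAMPLE_PACKET, SAMPLE_TAMPERED)
    for method, accepted in report.items():
        print(f"{method:10} accepts modified packet: {accepted}")
```

With None selected, the receiver has no way to detect a packet modified in transit; either HMAC option rejects it.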

WatchGuard Technologies Firebox™ System 4.6 manual: Entering license keys, Preparing Mobile User VPN configuration files