Configuring the Firebox for Mobile VPN

8Create the virtual IP address pool: Click Add to add one IP address or an IP address range. Repeat this step to add more virtual IP addresses.

Mobile VPN users will be assigned one of these IP addresses when they connect to your network. The number of IP addresses should be the same as the number of Mobile VPN users. If High Availability is configured, you must add two virtual IP addresses for each Mobile VPN user. The IP addresses cannot be used for anything else on your network.

9Click Finish. The Remote User VPN Configuration dialog box appears. Click OK to close. The Mobile VPN client profile is saved in Documents and Settings\All Users\

Shared WatchGuard\muvpn\ip_address\config_name\wgx\config_name.wgx.

Configuring the external authentication server

If you create a Mobile VPN user group that authenticates to a third-party server, make sure you create a group on the server that has the same name as the Mobile VPN group name entered in the wizard. For RADIUS or SecurID, make sure that the RADIUS server sends a Filter-Id attribute (RADIUS attribute #11) when a user successfully authenticates, to tell the Firebox what group the user belongs to. The value for the Filter-Id attribute must match the name of the Mobile VPN group as it appears in Policy Manager.

All Mobile VPN users that authenticate to the server must belong to this group.

Administrator Guide

11

Page 13
Image 13
WatchGuard Technologies V10.0 manual Configuring the external authentication server