Modifying an Existing Mobile VPN Profile

Phase2 Settings

Select the proposal and key expiration settings for the Mobile VPN tunnel. You can also enable Perfect Forward Secrecy (PFS) or set the Diffie-Hellman group. To change other proposal settings, click the Proposal button, and see the procedure described in “Defining advanced Phase 2 settings” on page 16.

6Click the Resources tab.

7Use the following fields to add and remove allowed network resources and virtual IP addresses:

Force All Traffic Through Tunnel

Select this check box to send all Mobile VPN user Internet traffic through the VPN tunnel. When this is selected, Mobile VPN user Internet traffic is sent through the VPN, but web sites can be slower for those users. If this is not selected, Mobile VPN user Internet traffic is not sent safely, but users can browse the Internet more quickly.

Allowed Resources list

This list shows the resources that users in the Mobile VPN authentication group can get access to on the network. Click Add to add an IP address or IP address range to the network resources list. Click Remove to clear the selected IP address or IP address range from the network resources list.

Virtual IP Address Pool

This list shows the internal IP addresses that are used by Mobile VPN users over the tunnel. These addresses are used only when they are needed. Click Add to add an IP address or IP address range to the virtual IP address pool. Click Remove to clear the selected IP address or IP address range from the virtual IP address pool.

8Click OK.

You return to the Remote Users Configuration dialog box.

End-user profiles (*.wgx) for the profile you edited are automatically regenerated. You must distribute new end-user profiles to the affected users and groups.

Administrator Guide

15

Page 17
Image 17
WatchGuard Technologies V10.0 manual Phase2 Settings