WatchGuard Technologies V10.0 manual Before You Begin

2

Using Fireware Policy Manager to Configure Mobile VPN with IPSec

The WatchGuard® Mobile VPN with IPSec client is a software application that is installed on a remote computer. The client makes a secure connection from the remote computer to your protected network through an unsecured network. The Mobile VPN client uses Internet Protocol Security (IPSec) to secure the connection.

This document gives basic configuration instructions on how to configure a Mobile VPN tunnel between the WatchGuard Mobile VPN with IPSec client and a Firebox® X Core or Peak device running Fireware®.

Before You Begin

Before you begin, make sure you understand:

•Because strict export restrictions are put on exported high encryption software, WatchGuard® System Manager is available with two encryption levels. You must make sure you download and use WatchGuard System Manager with strong encryption when you use Mobile VPN with IPSec, because the IPSec standard requires 56-bit (medium) encryption at a minimum.

•You can install the Mobile VPN with IPSec client software on any computer running Windows 2000 Professional, Windows XP (32-bit) or Windows Vista (32-bit and 64-bit). Before you install the client software, make sure the remote computer does not have any other IPSec mobile user VPN client software installed. You must also uninstall any desktop firewall software (other than Microsoft firewall software) from each remote computer.

•If the Mobile VPN with IPsec client software is installed on a computer with Windows Vista and the Windows Vista Firewall is in use, you must add a firewall exception

(Control Panel > Security > Windows Firewall > Change Settings > Exceptions) for UDP port 4500. This will allow Mobile VPN keep-alive packets from the Firebox® to reach your client and keep the VPN tunnel up.