Filter
Top Products
Modifying an Existing Mobile VPN Profile
16
Mobile User VPN
Defining advanced Phase 1 settings
To define advanced Phase 1 settings for an Mobile VPN user profile:
1 From the IPSec Tunnel tab of the Edit MUVPN Extended Authentication Group dialog box,
select Advanced.
The Phase1 Advanced Settings dialog box appears.
2 To change the SA (security association) lifetime, type a number in the SA Life field, and select
Hour or Minute from the drop-down list
3 From the Key Group drop-down list, select the Diffie-Hellman group you want. WatchGuard
supports groups 1, 2, and 5.
Diffie-Hellman groups determine the strength of the master key used in the key exchange
process. The higher the group number, the greater the security but the more time is required to
make the keys.
4 If you want to build an Mobile VPN tunnel between the Firebox and another device that is behind
a NAT device, select the NAT Traversal check box. NAT Traversal, or UDP Encapsulation, allows
traffic to get to the correct destinations. To set the Keep-alive interval, type the number of
seconds or use the value control to select the number of seconds you want.
5 You must select the IKE Keep-alive check box to have the Firebox send messages to its IKE peer
to keep the tunnel open. If you disable the IKE Keep-alive feature, the Mobile VPN client will not
be able to connect to the Firebox.
To set the Message interval, type the number of seconds or use the value control to select the
number of seconds you want.
6 To set the maximum number of times the Firebox tries to send an IKE keep-alive message before
it tries to negotiate Phase 1 again, type the number you want in the Max failures box.
7 Click OK.
Defining advanced Phase 2 settings
To define advanced Phase 2 settings for an Mobile VPN user profile:
1 From the IPSec Tunnel tab of the Edit MUVPN Extended Authentication Group dialog box,
select Proposal.
The Phase2 Proposal dialog box appears.