Administrator Guide
Configure the Firebox X Edge to use Mobile VPN with IPSec
The WatchGuard® Mobile VPN with IPSec client is a software application that is installed on a remote
computer. The client makes a secure connection from the remote computer to your protected network
through an unsecured network. The Mobile VPN client uses Internet Protocol Security (IPSec) to secure
the connection.
This document gives basic instructions for configuring a Mobile VPN tunnel
between the WatchGuard Mobile VPN with IPSec client and a Firebox® X Edge device.
Before You Begin
Before you begin, make sure you understand:
• You can install the Mobile VPN with IPSec client software on any computer running Windows
2000 Professional, Windows XP (32-bit) or Windows Vista (32-bit and 64-bit). Before you install
the client software, make sure the remote computer does not have any other IPSec mobile user
VPN client software installed. You must also uninstall any desktop firewall software (other than
Microsoft firewall software) from each remote computer.
• If the Mobile VPN with IPSec client software is installed on a computer with Windows Vista and
the Windows Vista Firewall is in use, you must add a firewall exception (Control Panel > Security >
Windows Firewall > Change Settings > Exceptions) for UDP port 4500. This allows Mobile
VPN keep-alive packets from the Firebox® to reach your client and keep the VPN tunnel up.
About Mobile VPN Client Configuration Files
With Mobile VPN with IPSec, the Firebox® X Edge administrator controls end-user profiles. You use the
Edge web configuration interface to set the name of the end user and create a client configuration file,
or profile, with the file extension .wgx. The .wgx file contains the shared key, user identification, IP
addresses, and settings that are used to create a secure tunnel between the remote computer and the
Edge. This file is encrypted with a key that is at least eight characters long. Both the
administrator and the remote user must know this key. When the remote client imports the .wgx file,
the client software uses this key to decrypt it.