Use the Mac OS X or iOS Native IPSec VPN Client

Apple iOS devices (iPhone, iPad, and iPod Touch) and Mac OS X 10.6 and higher devices include a native Cisco IPSec VPN client. You can use this client to make an IPSec VPN connection to a Firebox. To use the native IPSec VPN client to make a connection to your Firebox, you must configure the VPN settings on your Firebox to match those on the iOS or Mac OS X device.

For IPSec VPN connections from a Mac OS X device, you can also use the WatchGuard IPSec VPN Client for Mac OS X. For more information, see Install the IPSec Mobile VPN Client Software.

The WatchGuard Mobile VPN app for iOS is no longer available in the Google Play store. Information about the WatchGuard Mobile VPN app for iOS is provided as a reference for legacy installations.

For an iOS device, you can install the WatchGuard Mobile VPN app for iOS. This app can import a Mobile VPN with IPSec profile into the native VPN client on the iOS device. For a Mac OS X device, you must manually configure the settings in the native VPN client.

You can use the same Mobile VPN with IPSec profile for VPN connections from iOS and Android devices. For information about how to configure the VPN client on an Android device, see Use Mobile VPN with IPSec with an Android Device.

If your Apple iOS device runs iOS 9.3 or higher, you can use SHA1 or SHA2, and Diffie-Hellman Group 2, 5, or 14. If your Apple iOS device runs an earlier version of iOS, use SHA1 and Diffie-Hellman Group 2.
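The compatibility rule above, applied to a device inventory to find the strongest hash and Diffie-Hellman group that every client can negotiate, and which devices hold the profile at SHA1 and Group 2. This is an added example, not WatchGuard code; the device names, versions, and the `hash`/`dh_group` keys are constructed for illustration and are not a Firebox configuration format.

```python
# Added example: the iOS 9.3 rule from this page applied to a constructed fleet.
# Key names ("hash", "dh_group") are hypothetical, not Firebox settings names.

LEGACY = {"hash": {"SHA1"}, "dh_group": {2}}                  # iOS earlier than 9.3
MODERN = {"hash": {"SHA1", "SHA2"}, "dh_group": {2, 5, 14}}   # iOS 9.3 or higher


def parse_version(text):
    """Turn '9.3.5' into (9, 3, 5); numeric parts avoid string-compare errors."""
    return tuple(int(part) for part in text.strip().split("."))


def supported(ios_version):
    """Return the hash/DH options the page lists for this iOS version."""
    return MODERN if parse_version(ios_version) >= (9, 3) else LEGACY


def fleet_settings(devices):
    """Strongest hash and DH group all devices share, plus the legacy devices."""
    hashes, groups = set(MODERN["hash"]), set(MODERN["dh_group"])
    blockers = []
    for name, version in devices.items():
        caps = supported(version)
        if caps is LEGACY:
            blockers.append(name)
        hashes &= caps["hash"]
        groups &= caps["dh_group"]
    return {
        "hash": "SHA2" if "SHA2" in hashes else "SHA1",
        "dh_group": max(groups),
        "blockers": sorted(blockers),
    }


def mismatch(firebox, ios_version):
    """List the configured settings this iOS version cannot negotiate."""
    caps = supported(ios_version)
    return [key for key in ("hash", "dh_group") if firebox[key] not in caps[key]]


if __name__ == "__main__":
    # Constructed inventory: device name -> iOS version.
    fleet = {"ipad-01": "9.3.5", "iphone-02": "12.4", "ipod-03": "9.2.1"}
    print(fleet_settings(fleet))
    print(mismatch({"hash": "SHA2", "dh_group": 14}, "9.2.1"))
```

Devices listed under `blockers` are the ones to update or retire before the profile can move to SHA2 and Diffie-Hellman Group 14.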

Configure the Firebox

Many of the VPN tunnel configuration settings in the VPN client on the Mac OS X or iOS device are not configurable by the user. It is very important to configure the settings on your Firebox to match the settings required by the VPN client on the Mac OS X or iOS device.

Configure the VPN Client on an iOS Device

There are two methods you can use to configure the VPN client on an iOS device. You can use the WatchGuard Mobile VPN app for iOS to import a .wgm end-user profile to the VPN client on the iOS device. This is the easiest way to configure the iOS device. If you do not install the WatchGuard Mobile VPN app on the iOS device, you can manually configure the VPN client with the correct settings to connect.

To use the WatchGuard Mobile VPN app to import the IPSec VPN settings to the native iOS VPN client:

  1. Generate the .wgm profile for the Mobile VPN with IPSec group.
    For more information, see Generate Mobile VPN with IPSec Configuration Files.
  2. Send the .wgm profile to the mobile users as an email attachment.
  3. Use a secure method to give the passphrase to the mobile users.
  4. On the iOS device, install the free WatchGuard Mobile VPN app from the Apple App Store.
  5. In the email client on the iOS device, open the email that contains the .wgm file attachment.
  6. Open the .wgm file attachment.
    The WatchGuard Mobile VPN app launches.
  7. Type the passphrase received from the administrator to decrypt the file.
    The WatchGuard Mobile VPN app imports the configuration and creates an IPSec VPN configuration profile in the iOS VPN client.

To manually configure the VPN client settings on the iOS device:

  1. Select Settings > General > Network > VPN > Add VPN Configuration.
  2. Configure these settings in the VPN client:
    • Server — The external IP address of the Firebox
    • Account — The user name on the authentication server
    • Use Certificate — Set this option to OFF
    • Group Name — The group name you chose in the Firebox Mobile VPN with IPSec configuration
    • Secret — The tunnel passphrase you set in the Firebox Mobile VPN with IPSec configuration
    • User’s Password — The password for the user on the authentication server

After you add the VPN configuration, a VPN switch appears in the Settings menu on the iOS device.

To enable or disable the VPN client, click the VPN switch. When a VPN connection is established, the VPN icon appears in the status bar.

The VPN client on the iOS device stays connected to the VPN only while the iOS device is in use. If the iOS device locks itself, the VPN client might disconnect. Users can manually reconnect their VPN clients. If users save their passwords, they do not have to retype the password each time the VPN client reconnects. If users do not save their passwords, they must type the password each time the client reconnects.

Configure the VPN Client on a Mac OS X Device

The Firebox does not generate a client configuration file for the VPN client on the Mac OS X device. The user must manually configure the VPN client settings to match the settings configured on the Firebox.

To configure the VPN settings on the Mac OS X device:

  1. Open System Preferences and select Network.
  2. Click + at the bottom of the list to add a new interface. Configure these settings:
    • Interface — VPN
    • VPN Type — Cisco IPSec
    • Service Name — Type the name to use for this connection
  3. Click Create.
    The new VPN interface appears in the list of network interfaces.
  4. Select the new interface in the list. Edit these settings:
    • Server Address — The external IP address of the Firebox
    • Account Name — The user name on the authentication server
    • Password — The password for the user on the authentication server
  5. Click Authentication Settings. Configure these settings:
    • Shared Secret — The tunnel passphrase you set in the Firebox Mobile VPN with IPSec configuration
    • Group Name — The group name you chose in the Firebox Mobile VPN with IPSec configuration
  6. To add the VPN status icon to the OS X menu bar, select the Show VPN status in menu bar check box.
  7. Click Connect to start the VPN tunnel.

After you apply these settings, a VPN status icon appears in the menu bar of the Mac OS X device.

To start or stop the VPN client connection, click the VPN status icon.

See Also

Mobile VPN with IPSec

Define Advanced Phase 1 Settings

Define Advanced Phase 2 Settings
