Defining a User for a Firebox Authenticated Group

If the new user you are defining will use the Firebox for authentication, use the following procedure to define that user. (If the new user will use a third-party authentication server for authentication, use the procedure in Defining an Extended Authentication Group instead.)

From Policy Manager:

  1. Select Network => Remote User. Click the Mobile User VPN tab.
    The Mobile User VPN information appears.
  2. Select Firebox Authenticated Users. Click Add. Click Next.
    The Mobile User VPN Wizard - Firebox Authenticated User appears.
  3. Enter a username and passphrase.
  4. Enter a shared key for the account.
    This key will be used to negotiate the encryption and/or authentication for the MUVPN tunnel.
  5. If you are connecting with a Pocket PC, select the appropriate checkbox. Click Next.
  6. Select whether you will use the shared key or a certificate for authentication. Click Next.
  7. If you specified certificates, enter the configuration passphrase of your certificate authority. Click Next.
  8. Specify the network resource to which this user will be allowed access.
    By default, the IP address of the Trusted network appears in the field marked Allow user access to.
  9. If you plan to use a virtual adapter and route all of the remote user's Internet traffic through the IPSec tunnel, enable the checkbox marked Use default gateway on remote network. For more information on this option, see Allowing Internet access through MUVPN tunnels.

Note: If you want to grant access to more than one network or host, use the procedure in the next section after finishing this wizard.

  10. Specify a virtual IP address for this mobile user. Click Next.
    This can either be an unused IP address on the network you specified in the previous step or on a false network you have created, as described in IP Addressing.
  11. Select an authentication method and encryption method for this mobile user's connections. Enter a key expiration time in kilobytes or hours.

    Authentication
        MD5-HMAC (128-bit algorithm) or SHA1-HMAC (160-bit algorithm)

    Encryption
        None (no encryption), DES-CBC (56-bit), or 3DES-CBC (168-bit)

  12. Click Next. Click Finish.
    The wizard closes and the username appears on the Mobile User VPN tab. If you expand the plus signs (+) next to the entries, you can view the information.
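A pre-flight check for the choices made in the last steps of the wizard (virtual IP address, authentication method, encryption method), added here as an example and not part of WatchGuard's documentation or software. The worksheet format, the function name, and the sample names and addresses are assumptions; only the option names and bit lengths come from this page.

```python
import ipaddress

# Options the wizard offers, with the bit lengths listed on this page.
AUTH = {"MD5-HMAC": 128, "SHA1-HMAC": 160}
ENCR = {"None": 0, "DES-CBC": 56, "3DES-CBC": 168}

def review_users(users, allowed_net, in_use, false_net=None):
    """Return {username: [findings]} for planned MUVPN user definitions.

    users: list of dicts with keys name, virtual_ip, auth, encr (hypothetical
    worksheet format). in_use: addresses already assigned on allowed_net.
    """
    net = ipaddress.ip_network(allowed_net)
    fake = ipaddress.ip_network(false_net) if false_net else None
    taken = {ipaddress.ip_address(a) for a in in_use}
    findings = {}
    for u in users:
        out = findings.setdefault(u["name"], [])
        ip = ipaddress.ip_address(u["virtual_ip"])
        if ip in net:
            if ip in (net.network_address, net.broadcast_address):
                out.append(f"{ip} is the network or broadcast address")
        elif not (fake and ip in fake):
            out.append(f"{ip} is outside {net} and the false network")
        if ip in taken:
            out.append(f"{ip} is already in use")
        taken.add(ip)  # later users must not reuse this virtual IP
        if u["auth"] not in AUTH:
            out.append(f"unknown authentication method {u['auth']}")
        if u["encr"] not in ENCR:
            out.append(f"unknown encryption method {u['encr']}")
        elif ENCR[u["encr"]] == 0:
            out.append("tunnel traffic is not encrypted")
        elif ENCR[u["encr"]] < 168:
            out.append("DES-CBC has a 56-bit key; 3DES-CBC is the stronger option offered")
    return findings

# Constructed sample data: names and addresses are placeholders.
SAMPLE = [
    {"name": "alice", "virtual_ip": "10.0.1.50", "auth": "SHA1-HMAC", "encr": "3DES-CBC"},
    {"name": "bob", "virtual_ip": "10.0.1.50", "auth": "MD5-HMAC", "encr": "DES-CBC"},
    {"name": "carol", "virtual_ip": "192.168.99.7", "auth": "SHA1-HMAC", "encr": "None"},
    {"name": "dave", "virtual_ip": "172.16.0.9", "auth": "SHA1-HMAC", "encr": "3DES-CBC"},
]

if __name__ == "__main__":
    result = review_users(SAMPLE, "10.0.1.0/24", ["10.0.1.1", "10.0.1.10"],
                          false_net="192.168.99.0/24")
    for name, notes in result.items():
        print(name, "->", notes or "ok")
```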
Related topics:

Modifying an existing Mobile User VPN entry

Allowing Internet access through MUVPN tunnels

Setting Advanced Preferences

Configuring Services to Allow Incoming MUVPN Traffic


Copyright © 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.