There are two authentication methods you can use to establish a secure IPSec VPN tunnel. You must select one of these IPSec VPN tunnel authentication methods when you configure branch office VPN, Mobile VPN with IPSec, or Mobile VPN with L2TP.
Use a pre-shared key
Use a pre-shared key stored on both VPN endpoints to verify the identity of each endpoint.
Use a certificate
For branch office VPN and Mobile VPN with L2TP, you use an IPSec certificate imported and stored on the Firebox. The same certificate must also be imported to the other VPN endpoint.
For Mobile VPN with IPSec you use a certificate generated by a WatchGuard Management Server.
For more information about how to use certificates for IPSec VPN tunnel authentication, see: