Contents

Use the WatchGuard IKEv2 Setup Wizard

The WatchGuard IKEv2 Setup Wizard helps you activate and configure Mobile VPN with IKEv2. The setup wizard is only available when Mobile VPN with IKEv2 has not been activated. Any Mobile VPN with IKEv2 settings not configurable in the wizard are set to their default values. When you activate Mobile VPN with IKEv2, IPSec is enabled by default with these IPSec settings:

Phase 1 transforms

  • SHA2-256, AES(256), and Diffie-Hellman Group 14
  • SHA-1, AES(256), and Diffie-Hellman Group 5
  • SHA-1, AES(256), and Diffie-Hellman Group 2
  • SHA-1, 3DES, and Diffie-Hellman Group 2

The SA life is 24 hours for all transforms.

Phase 2 proposals

  • ESP-AES-SHA1
  • ESP-AES256-SHA256

PFS is disabled.

If your IKEv2 clients require different settings, you can edit these settings after you run the wizard. In Fireware v12.2 or higher, AES-GCM is supported for Phase 1 transforms and Phase 2 proposals.

For more information about Mobile VPN with IKEv2 settings, see Edit the Mobile VPN with IKEv2 Configuration.

Before You Begin

When you configure Mobile VPN with IKEv2, you select an authentication server and add users and groups for authentication. Make sure that the authentication server you want to use for IKEv2 user authentication is configured before you enable Mobile VPN with IKEv2.

For more information about supported user authentication methods for IKEv2, seeAbout Mobile VPN with IKEv2 User Authentication

Use the IKEv2 Setup Wizard

See Also

Mobile VPN with IKEv2

Edit the Mobile VPN with IKEv2 Configuration

Internet Access Through a Mobile VPN with IKEv2 Tunnel

Configure Client Devices for Mobile VPN with IKEv2

Configure iOS and macOS Devices for Mobile VPN with IKEv2

Configure Windows Devices for Mobile VPN with IKEv2

Configure Android Devices for Mobile VPN with IKEv2

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search