WatchGuard Firebox System 4.6 User Guide


watchguard.com
13.07.2015 Views

Configuring WatchGuard VPN

• Watch for log entries as the Firebox reboots that show local and remote VPN IP addresses.
• Check the Firebox status once it has booted. There should be an entry for a VPN interface directly following the entry for eth2.
• Check the Control Center display for tunnel status.

If none of these indicators is present, review all settings on both Fireboxes, double-check that the passphrases are the same, and verify the remote IP addresses.

CHAPTER 18

Configuring the Firebox for Remote User VPN

Remote user virtual private networking (RUVPN) establishes a secure connection between an unsecured remote host and a protected network over an unsecured network. RUVPN connects an employee on the road or working from home to trusted and optional networks behind a Firebox using a standard Internet dial-up connection without compromising security.

WatchGuard Firebox System offers two types of RUVPN:

Remote User PPTP
Uses the Point-to-Point Tunneling Protocol. This type of RUVPN is included with the basic WatchGuard package and supports up to 50 concurrent sessions per Firebox. Works with any Firebox encryption level.

Mobile User VPN
Uses Internet Protocol Security. This type of RUVPN is an optional feature of the WatchGuard package. It requires strong or medium encryption.

RUVPN requires configuration of both the Firebox and the end-user remote host computers. This section describes how to configure a Firebox for both types of RUVPN. For information on configuring the remote host, see “Preparing a Host for Remote User VPN” on page 141.

Remote User PPTP and Mobile User VPN require that the Management Station be upgraded to either medium or strong encryption level. The medium and strong encryption upgrade files are available to eligible users on the LiveSecurity Service Web site at http://www.watchguard.com/support.

Configuration checklist

Before configuring a Firebox to use remote user virtual private networking (RUVPN), gather the following information:

• The IP addresses to assign to the remote client during RUVPN sessions. The IP addresses cannot be addresses currently in use in the network.

