Use the WatchGuard IKEv2 Setup Wizard
The WatchGuard IKEv2 Setup Wizard helps you activate and configure Mobile VPN with IKEv2. The setup wizard is only available when Mobile VPN with IKEv2 has not been activated. Any Mobile VPN with IKEv2 settings not configurable in the wizard are set to their default values. When you activate Mobile VPN with IKEv2, IPSec is enabled by default with these IPSec settings:
Phase 1 transforms
- SHA2-256, AES(256), and Diffie-Hellman Group 14
- SHA-1, AES(256), and Diffie-Hellman Group 5
- SHA-1, AES(256), and Diffie-Hellman Group 2
- SHA-1, 3DES, and Diffie-Hellman Group 2
The SA life is 24 hours for all transforms.
Phase 2 proposals
- ESP-AES-SHA1
- ESP-AES256-SHA256
PFS is disabled.
If your IKEv2 clients require different settings, you can edit these settings after you run the wizard.
For more information about Mobile VPN with IKEv2 settings, see Edit the Mobile VPN with IKEv2 Configuration.
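The defaults above mix current and legacy algorithms, so it is worth checking which of them you still need before you leave them enabled. The following Python script is an added example, not WatchGuard code: it parses the default transforms and proposals as written on this page and reports those that fall below an assumed review policy (at least a 2048-bit Diffie-Hellman group, no SHA-1, no 3DES). The policy thresholds and all function names are assumptions of this example.

```python
import re

# MODP modulus sizes of the Diffie-Hellman groups named on this page.
DH_GROUP_BITS = {2: 1024, 5: 1536, 14: 2048}
# Assumed review policy (this example's choice, not a WatchGuard setting).
MIN_DH_BITS = 2048
LEGACY_HASHES = {"SHA-1", "SHA1"}
LEGACY_CIPHERS = {"3DES"}
# Wizard defaults, copied from the lists above.
PHASE1_DEFAULTS = [
    "SHA2-256, AES(256), and Diffie-Hellman Group 14",
    "SHA-1, AES(256), and Diffie-Hellman Group 5",
    "SHA-1, AES(256), and Diffie-Hellman Group 2",
    "SHA-1, 3DES, and Diffie-Hellman Group 2",
]
PHASE2_DEFAULTS = ["ESP-AES-SHA1", "ESP-AES256-SHA256"]
PHASE1_RE = re.compile(r"(\S+), (\S+), and Diffie-Hellman Group (\d+)")

def check_algorithms(auth, cipher):
    """Findings shared by Phase 1 transforms and Phase 2 proposals."""
    found = [f"legacy hash {auth}"] if auth in LEGACY_HASHES else []
    return found + ([f"legacy cipher {cipher}"] if cipher in LEGACY_CIPHERS else [])

def audit_phase1(transform):
    """Findings for one Phase 1 transform, written as on this page."""
    m = PHASE1_RE.fullmatch(transform)
    if not m:
        return ["unparsed transform"]
    findings = check_algorithms(m.group(1), m.group(2))
    group = int(m.group(3))
    bits = DH_GROUP_BITS.get(group)
    if bits is None:
        findings.append(f"unknown DH group {group}")
    elif bits < MIN_DH_BITS:
        findings.append(f"DH group {group} is {bits}-bit MODP")
    return findings

def audit_phase2(proposal):
    """Findings for one ESP proposal name such as ESP-AES256-SHA256."""
    parts = proposal.split("-")
    if len(parts) != 3 or parts[0] != "ESP":
        return ["unparsed proposal"]
    return check_algorithms(parts[2], parts[1])

def audit_defaults():
    """Map every default on this page to its findings (empty list = passes)."""
    report = {t: audit_phase1(t) for t in PHASE1_DEFAULTS}
    report.update({p: audit_phase2(p) for p in PHASE2_DEFAULTS})
    return report
```

Under this assumed policy, only the first Phase 1 transform and the ESP-AES256-SHA256 proposal pass without findings.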
Before You Begin
When you configure Mobile VPN with IKEv2, you select an authentication server and add users and groups for authentication. Make sure that the authentication server you want to use for IKEv2 user authentication is configured before you enable Mobile VPN with IKEv2.
For more information about supported user authentication methods for IKEv2, see About Mobile VPN with IKEv2 User Authentication.
Use the IKEv2 Setup Wizard
- Select VPN > Mobile VPN with IKEv2.
- Click Run Wizard.
- Click Next.
- Type the domain name or IP address for client connections. If your Firebox is behind a NAT device, you must specify the public IP address or domain name of the NAT device.
- Select one or more authentication servers for Mobile VPN with IKEv2 users:
  - Firebox-DB
  - RADIUS
- If you select both Firebox-DB and RADIUS, you can select Set as default server to make RADIUS the default authentication server.
- Select or add the users or groups for Mobile VPN with IKEv2.
- Specify the IP address pool for Mobile VPN with IKEv2 users. The default IP address pool is 192.168.114.0/24.
- Click Finish.
- To edit the configuration, click Configure.
- To download configuration scripts and instructions for IKEv2 VPN clients, click Download. For more information about scripts and instructions, see Configure Client Devices for Mobile VPN with IKEv2.
- Select VPN > Mobile VPN > IKEv2 > Activate.
The IKEv2 Setup Wizard appears.
- Click Next.
- Type the domain name or IP address for client connections. If your Firebox is behind a NAT device, specify the public IP address or domain name of the NAT device.
- Select one or more authentication servers for Mobile VPN with IKEv2 users:
  - Firebox-DB
  - RADIUS
- If you select both Firebox-DB and RADIUS, you can select Set as default server to make RADIUS the default authentication server.
- Select or add the users or groups for Mobile VPN with IKEv2.
- Specify the IP address pool for Mobile VPN with IKEv2 users. The default IP address pool is 192.168.114.0/24.
- Click Finish.
- To edit the configuration, select VPN > Mobile VPN > IKEv2 > Configure.
- To download configuration scripts and instructions for IKEv2 VPN clients, select VPN > Mobile VPN > IKEv2.
For more information about scripts, see Configure Client Devices for Mobile VPN with IKEv2.
See Also
Edit the Mobile VPN with IKEv2 Configuration
Internet Access Through a Mobile VPN with IKEv2 Tunnel
Configure Client Devices for Mobile VPN with IKEv2
Configure iOS and macOS Devices for Mobile VPN with IKEv2