Here are some configuration tips for the Pocket PC.
Phase 1 configuration of the Pocket PC's VPN software
• The Pocket PC's "IPSec Peer Gateway Address" must be the Edge's external IP address if the Pocket PC is connecting from the Internet.
• The IPSec Peer Gateway Address must be the Edge's private IP address if the Pocket PC is connecting from the optional or trusted network.
• The Phase 1 ID type must be "ID_USER_FQDN".
  This is also known as the IKE ID by some ISPs. The ID Type can also be known as the "Fully Qualified Username" or "User Name".
• The Phase 1 ID must be the Firebox user's name.
• You must use Aggressive Mode, not Main Mode.
• Extended authentication is not supported on the Firebox X Edge.
• Certificates are not supported on the Edge.
• NAT-Traversal is supported on the Edge.
  You might have to disable NAT-Traversal on the Pocket PC because of differences in how this protocol is implemented.
• IKE-Config Mode is supported on the Edge.
  Some IPSec software providers call this IKE Mode-Configuration.
• Phase 1 encryption type can be set to DES or 3DES. The Edge uses DES as the default encryption.
• Phase 1 authentication type can be set to SHA1-HMAC or MD5-HMAC. The Edge uses SHA1-HMAC as the default authentication.
• The Diffie-Hellman Group can be set to Group 1 or 2. The Edge uses Group 1 as the default value.
• The Edge accepts most Phase 1 time-out values.
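The Phase 1 requirements above can be checked against a planned Pocket PC profile before it is typed into the client. This is an added example, not code from the user guide or from WatchGuard. The dictionary keys, the sample profile, and the addresses are constructed for illustration, and the "stronger option" warnings reflect general cryptographic practice rather than anything the guide states.

```python
import ipaddress

# Phase 1 values the guide says the Edge accepts (key names are hypothetical).
EDGE_PHASE1 = {
    "id_type": {"ID_USER_FQDN"},
    "mode": {"aggressive"},
    "encryption": {"DES", "3DES"},
    "authentication": {"SHA1-HMAC", "MD5-HMAC"},
    "dh_group": {1, 2},
}
# Added assumption (not from the guide): the stronger of each accepted pair.
STRONGEST = {"encryption": "3DES", "authentication": "SHA1-HMAC", "dh_group": 2}

SAMPLE = {  # constructed sample profile; addresses are documentation ranges
    "connects_from": "internet", "peer_gateway": "192.168.111.1",
    "id_type": "ID_USER_FQDN", "phase1_id": "jsmith", "mode": "main",
    "encryption": "DES", "authentication": "SHA1-HMAC", "dh_group": 1,
    "xauth": False, "auth_method": "psk",
}


def check_profile(profile, edge_external_ip, edge_private_ip, firebox_user):
    """Return (errors, warnings) for a Phase 1 profile dict."""
    errors, warnings = [], []
    for key, allowed in EDGE_PHASE1.items():
        if profile.get(key) not in allowed:
            errors.append(f"{key}={profile.get(key)!r} not accepted; use {sorted(allowed, key=str)}")
    # External address from the Internet, private address from trusted/optional.
    expected = edge_external_ip if profile.get("connects_from") == "internet" else edge_private_ip
    try:
        if ipaddress.ip_address(profile.get("peer_gateway", "")) != ipaddress.ip_address(expected):
            errors.append(f"peer_gateway must be {expected}")
    except ValueError:
        errors.append("peer_gateway is not a valid IP address")
    if profile.get("phase1_id") != firebox_user:
        errors.append("phase1_id must be the Firebox user's name")
    if profile.get("xauth"):
        errors.append("extended authentication is not supported on the Edge")
    if profile.get("auth_method") == "certificate":
        errors.append("certificates are not supported on the Edge")
    for key, best in STRONGEST.items():
        if profile.get(key) in EDGE_PHASE1[key] and profile[key] != best:
            warnings.append(f"{key}={profile[key]!r} is the weaker accepted option; {best!r} is also accepted")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_profile(SAMPLE, "203.0.113.10", "192.168.111.1", "jsmith")
    print("\n".join(["ERROR: " + e for e in errs] + ["WARN: " + w for w in warns]))
```

The sample profile fails on Main Mode and on using the private gateway address from the Internet, and it draws warnings for DES and Group 1.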
Phase 2 configuration of the VPN
• The encryption algorithm and the authentication algorithm are configured in the Firebox User account settings, on the MUVPN tab.
• The IPSec Phase 2 time-outs are configured in the Firebox User account settings, on the MUVPN tab.
User Guide
Tips for Configuring the Pocket PC