Watchguard Firebox X15 User Manual page 229

Here are some configuration tips for the Pocket PC.
Phase 1 configuration of the Pocket PC's VPN
software
• The Pocket PC's "IPSec Peer Gateway Address" must be the
Edge's external IP address if the Pocket PC is connecting from
the Internet.
• The IPSec Peer Gateway Address must be the Edge's private IP
address if the Pocket PC is connecting from the optional or
trusted network.
• The Phase 1 ID type must be "ID_USER_FQDN".
This is also known as the IKE ID by some ISPs. The ID Type can also be
known as the "Fully Qualified Username" or "User Name".
• The Phase 1 ID must be the Firebox user's name.
• You must use Aggressive Mode, not Main Mode.
• Extended authentication is not supported on the Firebox X
Edge.
• Certificates are not supported on the Edge.
• NAT-Traversal is supported on the Edge.
You can have to disable NAT-Traversal on the Pocket PC because of
differences in how this protocol is implemented.
• IKE-Config Mode is supported on the Edge.
Some IPSec software providers call this IKE Mode-Configuration.
• Phase 1 encryption type can be set to DES or 3DES. The Edge
uses DES as the default encryption.
• Phase 1 authentication type can be set to SHA1-HMAC or MD5-
HMAC. The Edge uses SHA1-HMAC as the default
authentication.
• The Diffie-Hellman Group can be set to Group 1 or 2. The Edge
uses Group 1 as the default value.
• The Edge accepts most Phase 1 time-out values.
Phase 2 configuration of the VPN
• The encryption algorithm and the authentication algorithm are
configured in the Firebox User account settings, on the MUVPN
tab.
• The IPSec Phase 2 time-outs are configured in the Firebox User
account settings, on the MUVPN tab.
User Guide
Tips for Configuring the Pocket PC
215