Watchguard Firebox X20E User Manual page 214

Manual VPN: Setting Up Manual VPN Tunnels
To change Phase 1 configuration:
Select the negotiation mode from the Mode drop-down list. You can use Main Mode only when
1
the two devices have static IP addresses. If one or both of the devices have external IP addresses
that are dynamically assigned, you must use Aggressive Mode.
Enter the local ID and remote ID. Select the ID types—IP Address or Domain Name—from the
2
drop-down lists. Make sure this configuration is the same as the configuration on the remote
device.
Note that on the other device, the local ID type and remote ID type are reversed.
- If your Firebox X Edge or remote VPN device has a static external IP address, set the local ID
type to IP Address. Type the external IP address of the Edge or device as the local ID.
- If your Firebox X Edge or remote VPN device has a dynamic external IP address, you must
select Aggressive Mode and the device must use Dynamic DNS. For more information, see
"Registering with the Dynamic DNS Service" on page 70. Set the local ID type to Domain
Name. Enter the DynDNS domain name of the device as the local ID.
If your Firebox X Edge external interface has a private IP address instead of a public IP address, then your
ISP or the Internet access device connected to the Edge's external interface (modem or router) does
Network Address Translation (NAT). See the instructions at the end of this section if your Edge's external
interface has a private IP address.
Select the type of authentication from the Authentication Algorithm drop-down list. The
3
options are MD5-HMAC (128-bit authentication) or SHA1-HMAC (160-bit authentication). SHA1-
HMAC is more secure.
From the Encryption Algorithm drop-down list, select the type of encryption. The options, from
4
least secure to most secure, are DES-CBC, 3DES-CBC, AES (128 bit), AES (192 bit), and AES (256
bit).
202 Firebox X Edge e-Series