Using this Guide To use this guide you need to be familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual. The following conventions are used in this guide. Convention Bold type NOTE...
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
"This product includes software developed by Ralf S. Engelschall <firstname.lastname@example.org> for use in the mod_ssl project (http://www.modssl.org/)." 4. The names "mod_ssl" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact email@example.com.
5. Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Contents CHAPTER 1 Redeem your SOHO 6 Upgrade Options Configure the SOHO 6 for MUVPN Clients CHAPTER 2 Prepare the Remote Computers System requirements Windows 98/ME operating system setup Windows NT operating system setup Windows 2000 operating system setup Windows XP operating system setup...
The Connection Monitor CHAPTER 3 ZoneAlarm Features Allowing Traffic through ZoneAlarm Shutting Down ZoneAlarm Uninstalling ZoneAlarm CHAPTER 4 My computer is hung up just after installing the I have to enter my network log in information even when I’m not I am not prompted for my user name and password when I turn my Is the Mobile User VPN tunnel is working...
Virtual Private Network (VPN) other than the MUVPN client. This VPN option can be added to the SOHO 6, while the SOHO 6tc comes with the VPN option already installed and is used to create a Branch Office VPN tunnel between two IPSec compliant devices allowing data from an entire network rather than a single remote user.
CHAPTER 1: Configure the SOHO 6 For information on registering your SOHO 6 with the LiveSecurity Service, see “Register your SOHO 6 and Activate the LiveSecurity Service” in the Firebox SOHO 6 User Guide. Follow these steps to redeem your upgrade option license key: With your Web browser, go to: Click the LiveSecurity link at the top of the page and log into the site.
Configure the SOHO 6 for MUVPN Clients Flow these steps to configure your SOHO 6: With your Web browser, go to the System Status page using the Trusted IP address of the SOHO 6. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the right side, select VPN = >...
This passphrase will be used as the Pre-Shared Key when setting up the MUVPN client. In our example, pL4n3phr34k Enter the Virtual IP address which will be used by the MUVPN computer when connecting to the SOHO 6 in the appropriate field. In our example, 192.168.111.4. Select the Authentication Algorithm.
MUVPN client to provide further security for your end users. The purpose of this guide is to assist users of the SOHO 6 to set up the MUVPN client on an end-user’s remote computer and to explain the features of the personal firewall.
CHAPTER 2: Preparation, Installation, and Connection Prepare the Remote Computers The MUVPN client is only compatible with the Windows operating system. Every Windows system used as a MUVPN remote computer must have the following system requirements. System requirements • PC-compatible computer with Pentium processor or equivalent •...
Windows 98/ME operating system setup The following networking components must be configured and installed on a remote computer running Windows 98/ME in order for the MUVPN client to function properly. Configuring networking names From the Windows desktop: Select Start = > Settings = > Control Panel. Double-click the Network icon.
CHAPTER 2: Preparation, Installation, and Connection In the Windows NT Domain field, type the domain name. For example, your domains might be sales, office, and warehouse. Enable the Logon and Restore Network Connections option. Installing Dial-Up Networking The Mobile User VPN Adapter, which supports L2TP, installs only if Dial- up Networking is already installed on your computer.
Under the “DNS Server Search Order” heading, enter your DNS server IP address, then click the Add button. If you have multiple remote DNS servers repeat this step. must first. Click the WINS Configuration tab. Verify that the Enable WINS Resolution option has been enabled. Under the “WINS Server Search Order”...
CHAPTER 2: Preparation, Installation, and Connection Enter the path to the Windows NT install files or insert your system installation CD, then click the OK button. The Remote Access Setup dialog box appears. Click the Yes button to add a RAS capable device and enable you to add a modem.
must first. Click the WINS Address tab. Enter your WINS server IP address in the appropriate field, then click the OK button. If you have multiple remote WINS servers repeat this step. Click the Close button to close the Network window. The Network Settings Change dialog box appears.
CHAPTER 2: Preparation, Installation, and Connection Click the Properties button. Select the Networking tab and then click the Install button. The Select Network Component Type window appears. Double click the Protocol network component. The Select Network Protocol window appears. Select the Internet Protocol (TCP/IP) Network Protocol and then click the OK button.
Click the Cancel button to close the Dial-up connection window. Configuring the WINS and DNS settings You must configure the remote computer to use the WINS and DNS servers of the trusted network behind the Firebox. From the Windows desktop: Select Start = >...
CHAPTER 2: Preparation, Installation, and Connection 13 Under the “WINS addresses, in order of use” heading, click the Add button. The TCP/IP WINS Server window appears. 14 Enter your WINS server IP address in the appropriate field, then click the Add button. If you have multiple remote DNS servers repeat the last two steps.
Click the Properties button. Select the Networking tab and then click the Install button. The Select Network Component Type window appears. Double click the Protocol network component. The Select Network Protocol window appears. Select the Internet Protocol (TCP/IP) Network Protocol and then click the OK button.
CHAPTER 2: Preparation, Installation, and Connection Click the Cancel button to close the Dial-up connection window. Configuring the WINS and DNS settings You must configure the remote computer to use the WINS and DNS servers of the trusted network behind the Firebox. From the Windows desktop: Select Start = >...
18 Click the Cancel button again to close the Dial-up connection window. Install the MUVPN Client Install the SOHO 6 MUVPN client software on each remote computer. The MUVPN installation files are available at the WatchGuard Web site: http://www.watchguard.com/support The installation process consists of two parts: installing the client software on the remote computer and configuring the client.
An Information dialog box appears. 12 Click the OK button to continue with the installation. 13 The InstallShield Wizard has completed the install of the SOHO 6 MUVPN client, verify that the option Yes, I want to restart my computer now is enabled and click the Finish button.
Configuring the MUVPN Client Once you have restarted the machine, the WatchGuard Policy Import dialog box appears. Click the Cancel button as this step is not necessary. From the Windows desktop system tray: Right-click on the Mobile User VPN client icon.
Tunnel from the drop list. From the ID Type drop list, select IP Address. 10 Enter the External IP Address of the SOHO 6 in the appropriate field. In our example, 184.108.40.206. 11 From the Network Security Policy on the left, expand New Connection.
15 Click the Pre-Shared Key button. The Pre-Shared Key window appears. 16 Click the Enter Key button. 17 Enter the same Passphrase configured on the SOHO 6 in the appropriate field. In our example, pL4n3phr34k. 18 From the Select Certificate drop list, verify that None has been selected.
The “Hash Alg” setting refers to the “Authentication Algorithm” and the “Encrypt Alg” setting refers to the “Encryption Algorithm” settings on the SOHO 6. In our example, Triple DES and MD5. These two setting connection will fail. must exactly match those on the SOHO 6 or the MUVPN Client...
26 Select File = > Save Changes. Uninstall the MUVPN client At some point, it may become necessary to completely uninstall the MUVPN client. WatchGuard recommends a complete uninstall using the Windows Add/Remove Programs tool. First, disconnect all existing tunnels and dial-up connections and reboot the remote computer.
“The Mobile User VPN client icon”. Then, from the Windows desktop: Select Start = > Programs = > Mobile User VPN = > Connect. The WatchGuard Mobile User Connect widow appears. Click the Yes button. The Mobile User VPN client icon The Mobile User VPN icon exists in the Windows desktop system tray and displays several different status images.
service properly and the remote computer must be restarted (if this continues you may need to reinstall the MUVPN client). Activated The MUVPN client is ready to establish a secure, MUVPN tunnel connection. Activated and Transmitting Unsecured Data The MUVPN client is ready to establish a secure, MUVPN tunnel connection.
CHAPTER 2: Preparation, Installation, and Connection The MUVPN client has established at least one secure, MUVPN tunnel connection. The red and green bars on the right of the icon indicate that the client is transmitting both secured and unsecured data. Allowing the MUVPN client through the personal firewall There are a couple of programs associated with the MUVPN client, which you must allow through the personal firewall in order to establish the...
The New Program alert dialog box appears requesting access for the IreIKE.exe program. Enable the Remember this answer the next time I use this program option and click the Yes button. This enables ZoneAlarm to allow the IreIKE.exe program through each time you attempt to make a MUVPN connection.
CHAPTER 2: Preparation, Installation, and Connection The Log Viewer The LogViewer displays the communications log, a diagnostic tool that lists the negotiations that occur during the MUVPN client connection. From the Windows desktop system tray: Right-click the Mobile User VPN client icon. Select Log Viewer.
An icon appears to the left of the connection name: • SA indicates that the connection has only a Phase 1 IKE SA. This occurs when connecting to a secure gateway tunnel or when a Phase 2 IPSec SA fails to establish or has not been established yet. •...
CHAPTER 2: Preparation, Installation, and Connection MUVPN Client...
The ZoneAlarm Personal CHAPTER 3 Firewall A personal firewall is a barrier between your computer and the outside world. The computer is most vulnerable at its doors, called ports. Without ports, no connection to the Internet is possible. ZoneAlarm protects these ports by following a simple rule: Block all incoming and outgoing traffic unless you explicitly allow it for trusted programs.
CHAPTER 3: The ZoneAlarm Personal Firewall This alert appears whenever one of your programs (in this example, Internet Explorer) attempts to access the Internet or your local network. This powerful feature means no information leaves your computer unless you give it permission. If you enable the “Remember the answer each time I use this program”...
In the example above, the Internet Explorer Web browser application has been launched and is attempting to access the users home page. The program which actually needs to pass through the firewall is “IEXPLORE.EXE”. In order to allow this program access each time the application is executed, enable the Remember the answer each time I use this program checkbox.
CHAPTER 3: The ZoneAlarm Personal Firewall Shutting Down ZoneAlarm From the Windows desktop system tray: Right-click on the ZoneAlarm icon ZoneAlarm. The ZoneAlarm dialog box appears. Click the Yes button when prompted to quit ZoneAlarm. Uninstalling ZoneAlarm From the Windows desktop: Select Start = >...
ZoneAlarm Features The Install window appears and prompts you to restart the computer. Click the OK button to reboot your system. MUVPN Client Guide...
CHAPTER 3: The ZoneAlarm Personal Firewall MUVPN Client...
Troubleshooting Tips CHAPTER 4 WatchGuard maintains a knowledge base on our Web site, including an In-Depth FAQ section on configuring and using the MUVPN client. This is available at: w w w.w a t c h g u a r d . c o m / s u p p o r t A few of the most common issues found in installing, configuring, and using the MUVPN client are described below.
CHAPTER 4: Troubleshooting Tips Select Disconnect All. The MUVPN client closes all VPN tunnels. Right-click on the Mobile User VPN client icon and select Deactivate Security Policy. The MUVPN icon will display a red slash to indicate that the Security Policy has been deactivated.
• Select Start = > Run. Type your company network. My mapped drives have a red X through them... Windows 98/ME, NT, and 2000 verifies and maps networks drives automatically when the computer starts. Because there is no way for you to establish a remote session with the company network before the computer actually starts, drive mapping fails during the boot process and a red X appears on the drive icon.
CHAPTER 4: Troubleshooting Tips It takes a really long time to shut down the computer after using Mobile User VPN... If you open and browse a mapped network drive during a MUVPN session, the Windows operating system waits for a signal from the times out and completes the shut down cycle.