User guide

Configuring Virtual Private Networks
144 WatchGuard Firebox X Edge
1 authenticates the two sides and creates a key management
security association to protect tunnel data.
The default settings for Phase 1 are the same for all Firebox X
devices. Many users keep these settings at their default values.
NOTE
Make sure that the Phase 1 configuration is the same on the two
devices.
To change Phase 1 configuration:
1 Select the negotiation mode for Phase 1 from the drop-down
list.
NOTE
You can use Main Mode only when the two devices have static IP
addresses. If either device has an external IP address that is
dynamically assigned, you must use Aggressive Mode.
2 Enter the local ID and remote ID. Select the ID types—IP
Address or Domain Name—from the drop-down lists. Make sure
this configuration is the same as the configuration on the
remote device.
Note that on the other device, the local ID type and remote ID type are
reversed.
- If your Firebox X Edge has a static external IP address, set the
local ID type to IP Address. Type the Edge’s external IP address
as the local ID.
- If your Firebox X Edge has a dynamic external IP address, you
must select Aggressive Mode and you must set up Dynamic
DNS on the Edge. For information, see “Registering with the
Dynamic DNS Service” on page 66. Set the local ID type to
Domain Name. Enter your Edge’s DynDNS domain name as the
local ID.
- If the remote VPN device has a static external IP address, set
the remote ID type to IP Address. Enter the remote gateway’s
IP address as the remote ID.
- If the remote VPN device has a dynamic external IP address and
the remote gateway uses Dynamic DNS, set the remote ID type
to remote ID.
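
The rules above can be checked before a tunnel is brought up. The following is an added example, not WatchGuard code: the Phase1 record, its field names and the sample values are constructed for illustration, and it assumes both devices follow the local ID rules given in this guide.

```python
from dataclasses import dataclass
import ipaddress

@dataclass
class Phase1:                      # hypothetical record of one device's Phase 1 settings
    name: str
    mode: str                      # "Main" or "Aggressive"
    static_ip: bool                # True if the external IP address is static
    local_id_type: str             # "IP Address" or "Domain Name"
    local_id: str
    remote_id_type: str
    remote_id: str

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_pair(a, b):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    if a.mode != b.mode:
        findings.append("negotiation mode differs")
    # Main Mode is allowed only when both devices have static addresses.
    if "Main" in (a.mode, b.mode) and not (a.static_ip and b.static_ip):
        findings.append("dynamic external IP requires Aggressive Mode")
    for dev in (a, b):
        want = "IP Address" if dev.static_ip else "Domain Name"
        if dev.local_id_type != want:
            findings.append(f"{dev.name}: local ID type should be {want}")
        elif want == "IP Address" and not _is_ip(dev.local_id):
            findings.append(f"{dev.name}: local ID is not an IP address")
    # Local and remote IDs are reversed on the other device.
    for x, y in ((a, b), (b, a)):
        mine = (x.local_id_type, x.local_id.lower())
        theirs = (y.remote_id_type, y.remote_id.lower())
        if mine != theirs:
            findings.append(f"{x.name} local ID does not match {y.name} remote ID")
    return findings

# Constructed sample: an Edge with a dynamic address and a static remote gateway.
EDGE = Phase1("edge", "Aggressive", False, "Domain Name",
              "edge.example.dyndns.org", "IP Address", "203.0.113.10")
HQ = Phase1("hq", "Aggressive", True, "IP Address",
            "203.0.113.10", "Domain Name", "edge.example.dyndns.org")

if __name__ == "__main__":
    print(check_pair(EDGE, HQ) or "Phase 1 settings agree")
```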