Watchguard XTM 510 Mobile VPN with IPSec problems

Posted on 2011-10-26
Last Modified: 2012-05-12
I'm trying to setup a Mobile VPN with IPSec through our new Watchguard XTM 510 appliance.  I've gone through all of the steps of setting up Authentication Server (Firebox), and adding users.  Then, I went through the wizard under VPN - Mobile VPN - IPSec, and set all of the paremeters for this tunnel.

Then, on the client, I downloaded and installed the Shrew Soft VPN Access Manager from the Watchguard website.  After downloading this, I then copied over the folder to the client that the Watchguard appliance created (that includes the .wgx, .vpn., etc).  Once back in the Shrew Soft VPN Access Manager, I imported this file.  This brings in all of the correct settings it appears.  Then I log in with the username and password I created.

However...........on the client end, it seems to get stuck.  It shows "bringing up tunnel", and then just stays there.  Almost like it freezes.  I know it doesn't properly connect...........because I cannot ping any of the hosts back on our subnet at work.
But the weird thing is..........back on the management station at work, I can bring up the Watchguard System Manger.........and under Mobile VPN with IPSec shows the client as connected.  It's shows the client's Public IP address, etc.
However...........there is never any traffic.  The sent and received bytes stay constant at 0.
Any ideas?  I'm at a loss here.
Would you recommend another VPN tunnel type instead of the IPSec?  Maybe the PPTP, or even SSL?
Just curious.  This will be for the sales force out in the field using laptops.
Thanks again for any assistance!
Question by:dgreer1201
    LVL 11

    Accepted Solution


    if you have purchase license from watch guard for mobile VPN ipsec (WSM/Fireware 10.x) can configure the same easily..for your assistance  i am giving a link pasted below..

    ipsec mobile vpn watchguard

    you can configure SSL VPN also...for that you need to change some configuration in your XTM box...after that you can download the SSL vpn client and easily configure the same in your client system..for your assistance the configuration guide link is pasted below.....

    watchguard SSl vpn

    for any further assistance please revert back.

    Author Comment

    Thanks for the reply!!!
    I will try this out this afternoon and let you know results.

    Is there one method that is preferred over the other for any reason?

    Author Comment

    I never was able to get the muvpn w/ispec to work.
    However.........I tested out the SSL VPN last night from home and it seems to work great.  I was actually very impressed with the speed.  I've just got to test out a few other end-users and make sure everything is working properly for them.

    A couple of our users work from home full-time.  They will be having a constant SSL VPN connection from 8 to 5 everyday back to the office.
    Will there be any performance problems with this?
    It would almost be like them using a BOVPN with an end-point device at their house.  Do you see any problems here?

    Author Closing Comment

    I never heard anything back from you in regards to my question about the SSL VPN for end-users.
    However..........I was able to follow the link you provided for setting up the SSL VPN, and it worked perfectly.
    LVL 11

    Expert Comment

    i apologize  for deferred reply.......there is no problem from(WFHU-work from home user)..only you need to check when they will work...whether you are getting constant and required bandwidth to your central site or not...means you may need to calculate how much bandwidth you require per user to get log in in your server + if you are using same bandwidth for your browsing and other internet based application....

    and also the remote users should have that much of bandwidth to get constant access.....this is a total bandwidth game..if your bandwidth is good enough ....then there should be no problem..if your bandwidth is getting low...then only you may face the problem....

    do feel free to revert back in case of any clarification required.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Suggested Solutions

    Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
    Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now