[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2817
  • Last Modified:

Watchguard XTM 510 Mobile VPN with IPSec problems

I'm trying to setup a Mobile VPN with IPSec through our new Watchguard XTM 510 appliance.  I've gone through all of the steps of setting up Authentication Server (Firebox), and adding users.  Then, I went through the wizard under VPN - Mobile VPN - IPSec, and set all of the paremeters for this tunnel.

Then, on the client, I downloaded and installed the Shrew Soft VPN Access Manager from the Watchguard website.  After downloading this, I then copied over the folder to the client that the Watchguard appliance created (that includes the .wgx, .vpn., etc).  Once back in the Shrew Soft VPN Access Manager, I imported this file.  This brings in all of the correct settings it appears.  Then I log in with the username and password I created.

However...........on the client end, it seems to get stuck.  It shows "bringing up tunnel", and then just stays there.  Almost like it freezes.  I know it doesn't properly connect...........because I cannot ping any of the hosts back on our subnet at work.
But the weird thing is..........back on the management station at work, I can bring up the Watchguard System Manger.........and under Mobile VPN with IPSec tunnels.......it shows the client as connected.  It's shows the client's Public IP address, etc.
However...........there is never any traffic.  The sent and received bytes stay constant at 0.
Any ideas?  I'm at a loss here.
Would you recommend another VPN tunnel type instead of the IPSec?  Maybe the PPTP, or even SSL?
Just curious.  This will be for the sales force out in the field using laptops.
Thanks again for any assistance!
  • 3
  • 2
1 Solution

if you have purchase license from watch guard for mobile VPN ipsec (WSM/Fireware 10.x)
...you can configure the same easily..for your assistance  i am giving a link pasted below..

ipsec mobile vpn watchguard

you can configure SSL VPN also...for that you need to change some configuration in your XTM box...after that you can download the SSL vpn client and easily configure the same in your client system..for your assistance the configuration guide link is pasted below.....

watchguard SSl vpn

for any further assistance please revert back.
dgreer1201Author Commented:
Thanks for the reply!!!
I will try this out this afternoon and let you know results.

Is there one method that is preferred over the other for any reason?
dgreer1201Author Commented:
I never was able to get the muvpn w/ispec to work.
However.........I tested out the SSL VPN last night from home and it seems to work great.  I was actually very impressed with the speed.  I've just got to test out a few other end-users and make sure everything is working properly for them.

A couple of our users work from home full-time.  They will be having a constant SSL VPN connection from 8 to 5 everyday back to the office.
Will there be any performance problems with this?
It would almost be like them using a BOVPN with an end-point device at their house.  Do you see any problems here?
dgreer1201Author Commented:
I never heard anything back from you in regards to my question about the SSL VPN for end-users.
However..........I was able to follow the link you provided for setting up the SSL VPN, and it worked perfectly.
i apologize  for deferred reply.......there is no problem from(WFHU-work from home user)..only you need to check when they will work...whether you are getting constant and required bandwidth to your central site or not...means you may need to calculate how much bandwidth you require per user to get log in in your server + if you are using same bandwidth for your browsing and other internet based application....

and also the remote users should have that much of bandwidth to get constant access.....this is a total bandwidth game..if your bandwidth is good enough ....then there should be no problem..if your bandwidth is getting low...then only you may face the problem....

do feel free to revert back in case of any clarification required.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now