Configuration 3: Basic VPN for remote clients

This basic configuration scenario walks you through creating a mobile VPN between an NGFW Engine and more than one Stonesoft VPN Client.

To be able to configure a mobile VPN, the firewall must have a static IP address (not assigned using DHCP or PPPoE).

Depending on the configuration that you want to use, you can add VPN client access to an existing site-to-site VPN as well. However, in this example scenario, a separate policy-based VPN is created for VPN clients.

This scenario assumes that automatic Site management is used, and that the Sites do not need to be changed.

In this scenario, the VPN settings are defined in a copy of the default VPN-A Suite VPN Profile. The VPN-A Suite VPN Profile contains the VPN settings specified for the VPN-A cryptographic suite in RFC 4308.