Example VPN configuration 3: Basic VPN for remote clients

This configuration scenario walks you through creating a mobile VPN between an NGFW Engine and more than one Forcepoint VPN Client.

To configure a mobile VPN, the firewall must have a static IP address (one that is not assigned using DHCP or PPPoE).

Depending on the configuration that you want to use, you can add VPN client access to an existing site-to-site VPN as well. However, in this example scenario, a separate policy-based VPN is created for VPN clients.

This scenario assumes that automatic Site management is used, and that the Sites do not need to be changed.

In this scenario, the VPN settings are defined in a copy of the default Suite-B-GCM-128 VPN Profile. The Suite-B-GCM-128 VPN Profile contains the VPN settings specified for the VPN-A cryptographic suite in RFC 6379.

The configuration consists of the following general steps:

  1. Configure virtual IP addresses for VPN clients.
  2. Configure VPN settings for the NGFW Engine.
  3. Create a VPN Profile element.
  4. Create a Policy-Based VPN element.
  5. Create User elements.
  6. Create Access rules.

Begin by configuring virtual IP addresses for VPN clients.