On the remote machine you need to install the Endpoint Security VPN client. In the logs you will see the initial connection as mobile access, then identity awareness (if enabled) and then VPN for key installation and encrypted traffic. The certificate used for this is the CA certificate, however this can be changed by enabling Mobile Access and assigning a certificate to the Mobile Access Portal. If it discovers IPsec is blocked it will use visitor mode to tunnel the VPN over 443.īy default Endpoint Security VPN client will use port 443 to negotiate the tunnel, even if Visitor Mode is not selected. I think this is used to solves issues relating to fragmented packets, NAT, large UDP packets and port filtering.
Firewall rules for access within the VPN tunnelīefore the VPN can be configured the following features need to be enabled under the gateway properties: Phase1 and Phase2 parameters (RA only) and other global settings
