Adding a mobile access service

If there is no mobile access service configured for the SafeLinx Server, you can add one.

About this task

Mobile access services provide the support that enables VPN clients (SafeLinx Clients) to access the SafeLinx Server.

You add a mobile access service to the SafeLinx Server during the initial SafeLinx Server configuration, or from the SafeLinx Administrator. Only one mobile access service can be configured for each SafeLinx Server.

Complete the following procedure to add a mobile access service.

Procedure

  1. Right-click the SafeLinx Server to which you want to add the mobile access service, and then click Add > Mobile Access.
    The Add Mobile Access Services wizard opens to guide you through a minimal configuration of the service.
  2. In the Description field of the Add Mobile Access Services wizard, type a label to identify the service.
    You must include an entry in the Description field. You do not have to specify values for the other fields in the wizard.
    Click Next and then Finish to complete the wizard and add the service.
  3. After you add the service, use SafeLinx Administrator to edit the service properties and customize the configuration.
    You can configure the following properties for a mobile access service:
    General
    In addition to a description field, you can specify the maximum idle time.
    Link control protocol/PPP
    Specifies global settings that affect all networks installed and configured for use with mobile access services. For example, the User Datagram Protocol (UDP) and TCP port used for password updates and point-to-point protocol settings. Examples of these settings are timeout intervals and maximum number of configure, terminate, and echo request transmissions. The SafeLinx Administrator Tips Help provides detailed information about each field.
    Broadcast
    Specifies interfaces that are enabled for the broadcast service. Broadcast application servers are allowed to send broadcasts to active devices that use mobile access services.

What to do next

You can add the following resources to a mobile access service:
  • Mobile network interface (MNI)
  • TCP-Lite
    • HTTP codec
  • Connection and transport profiles
  • Groups for mobile access services
  • Mobile device
  • Modem profile
  • Network address translator
  • Packet mapping
  • Filter
  • Routing alias
You must define at least one Mobile Network Interface (MNI) and at least one Mobile Network Connection (MNC) to enable SafeLinx Clients and PPP dial-in clients to use the mobile access service.

The SafeLinx Server uses a modified Point-to-Point Protocol (PPP) to authenticate the connection between itself and SafeLinx Clients through a mobile network connection (MNC). The PPP is called wireless optimized link protocol (WLP). Each WLP MNC can use single-party key distribution protocol, two-party key distribution protocol, or Diffie-Hellman to exchange keys and validate or authenticate SafeLinx Clients. To view or change the type of key agreement used by the MNC between the SafeLinx Server and SafeLinx Client, edit the properties of the Connection profile that is assigned to the MNC.

For information about configuring connection profiles, see, Connection and transport profiles. For information about adding certificates to SafeLinx Client devices, see Storing client-based certificates.