Configuring Virtual Private Networks178 WatchGuard Firebox X EdgeThe WatchGuard Management Server (previously known as theDVCP Server) uses DVCP to keep the VPN tunnel configuration.DVCP (Dynamic VPN Configuration Protocol) is the WatchGuard®protocol that you can use to create IPSec tunnels easily. Watchguarduses the name Managed VPN because the Management Server man-ages the VPN tunnel and sends the VPN configuration to your Edge.An Edge administrator must type only a small quantity of informa-tion into the Edge configuration pages.You must have WatchGuard System Manager and a Firebox III, Fire-box X Core, or Firebox X Peak to have a Management Server. Whenyour Firebox X Edge gets its VPN configuration from a ManagementServer, your Edge is a client of the Management Server in a client-server relationship. The Edge gets all of its VPN configuration fromthe Management Server.To configure a Firebox X Edge to allow WatchGuard System Man-ager access for the creation of VPN tunnels, see “Setting up Watch-Guard System Manager Access” on page 46.Manual VPN: Setting Up Manual VPN TunnelsTo create a VPN tunnel manually to another Firebox® X Edge or to aFirebox III or Firebox X, or to configure a VPN tunnel to a devicethat is not a WatchGuard® device, you must use Manual VPN. Usethis section to configure Manual VPN on the Firebox X Edge.What you need for Manual VPNIn addition to the VPN requirements at the start of this chapter, youmust have this information for a Manual VPN:• You must know if the IP address assigned to the other VPNdevice is static or dynamic. If the other VPN device is dynamic,your Edge must find the other device by domain name and theother device must use Dynamic DNS.• You must know the shared key (passphrase) for the tunnel. Thesame shared key must be used by the two devices.• You must know the encryption method used for the tunnel (DESor 3DES). Each VPN device must use the same method.