• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1171
  • Last Modified:

site to site VPN using watchguard firewall

Want to create site to site VPN using watchguard x550e firewall and VPN server supporting IPsec VPN tunnels.  If anybody has any guide
Asked by: elaw
2 Solutions
 
dpk_walCommented:
I can assist you with WG but for the remote end I would not be too helpful.

In WG first of all you create gateway here you specify:
Remote public IP; Authentication and Encryption algorithm along with Diffie-Hellman groups; and most importantly shared key and mode [main or aggressive mode]
After this create tunnel; associate tunnel with the gateway added above:
Here you configure Authentication and Encryption algorithm along with DH groups and PFS; also define key lifetime in seconds/bytes transferred.
finally add routing policy for the tunnel created and specify remote/local subnets, port/protocol and tunnel direction (uni-directional or bi-directional).

You can also specify if you wish to do NAT over VPN; but I have not mentioned steps.

Please let know if you need more details.

Thank you.
0
 
elawAuthor Commented:
Could you please send the steps to NAT over VPN.

thanks
0
 
elawAuthor Commented:
Could you please also elaborate more in steps
thanks
0
 
dpk_walCommented:
Which version of WG management software you are running; in older software you need to go to Setup->NAT->1-1 NAT and then configure NAT over IPSec; in newer version you configure NAT over IPSec from tunnel properties.

Thank you.
0
 
elawAuthor Commented:
Watch guard system manager 9.1

Also if you could elaborate the steps in creating gateways and tunnel and routing policy.
Thanks
0
 
dpk_walCommented:
Let me take an example; let say remote site public IP is 1.1.1.1; remote subnet is 192.168.2.0/24 and local subnet is 192.168.1.0/24; in Policy Manager; go to VPN->Branch Office Gateways; click Add; specify some name; select pre-shared key or certificates as applicable; if pre-shared key then specify one.
Click Add under Gateway Endpoints; under IP address specify IP or if using FQDN then click by domain name and specify same for both local and remote gateways. click OK.
Go to Phase I settings; if you want to change anything then do otherwise click OK.
Now go to VPN->Branch Office Tunnels; click Add; specify some name; select the gateway added above; click Add under Addresses and specify local and remote subnets/host IP; if you want to have uni-directional tunnel leave Direction as <===>; under NAT settings check the box 1:1 NAT; specify subnet/IP which would be seen at remote end; e.g. 192.168.3.0/24; click OK.
Go to Phase II settings; if you want to change anything then do otherwise click OK.

Now click VPN->Create BOVPN Policy; create policy as desired which would allow traffic between local and remote subnets/peer.

Configure identical settings on the remote end; if enabling 1:1 NAT then make sure on remote end you specify remote subnet as 192.168.3.0/24 [as per example earlier]

Please implement and update if you need more details.

Thank you.
0
 
elawAuthor Commented:
Thanks for sending this information.  You have started giving example IP addresses.   Would you be kind enough to write which IP address goes where.
thanks
0
 
dpk_walCommented:
Under Branch Office Gateways; for remote gateways provide IP as 1.1.1.1

Under Branch Office Tunnels; local subnet specify 192.168.1.0/24 and remote subnet 192.168.2.0/24

The 1-1 NAT examples are already there. Please let me know if you need screenshots with above configuration.

Thank you.
0
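As an added example (not from the thread and not WatchGuard's software), the following script models both ends of the BOVPN described above and checks that they agree: peer IPs cross-match, pre-shared key and Phase 1/Phase 2 proposals are identical, and each end's remote subnet equals what the other end presents, which with 1:1 NAT enabled is the NAT'd 192.168.3.0/24 rather than the real 192.168.1.0/24. The public IP 203.0.113.2 for the local end and the proposal values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from ipaddress import ip_network

@dataclass
class SiteConfig:
    name: str
    public_ip: str          # this end's gateway IP
    peer_ip: str            # remote gateway IP entered under Branch Office Gateways
    local_subnet: str       # real local subnet in the tunnel address pair
    remote_subnet: str      # remote subnet expected in the tunnel address pair
    psk: str
    phase1: Tuple[str, str, int, str]   # (auth, encryption, DH group, mode)
    phase2: Tuple[str, str, int]        # (auth, encryption, PFS group)
    nat_subnet: Optional[str] = None    # 1:1 NAT subnet shown to the peer, if enabled

def presented_subnet(site: SiteConfig):
    """Subnet the peer actually sees: the 1:1 NAT subnet if set, else the real one."""
    return ip_network(site.nat_subnet or site.local_subnet)

def check_pair(a: SiteConfig, b: SiteConfig) -> List[str]:
    """Return mismatches between the two ends; an empty list means they agree."""
    problems = []
    if a.peer_ip != b.public_ip or b.peer_ip != a.public_ip:
        problems.append("gateway peer IPs do not cross-match")
    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    if a.phase1 != b.phase1:
        problems.append("Phase 1 proposals differ")
    if a.phase2 != b.phase2:
        problems.append("Phase 2 proposals differ")
    for me, peer in ((a, b), (b, a)):
        expected = presented_subnet(peer)
        if ip_network(me.remote_subnet) != expected:
            problems.append(f"{me.name}: remote subnet must be {expected}")
    if presented_subnet(a).overlaps(presented_subnet(b)):
        problems.append("subnets overlap as seen inside the tunnel; enable 1:1 NAT")
    return problems

# Constructed sample matching the thread: local end NATs 192.168.1.0/24 to 192.168.3.0/24.
P1 = ("SHA1", "AES256", 2, "main")
P2 = ("SHA1", "AES256", 2)
SITE_A = SiteConfig("local", "203.0.113.2", "1.1.1.1", "192.168.1.0/24",
                    "192.168.2.0/24", "example-psk", P1, P2, nat_subnet="192.168.3.0/24")
# Remote end configured as the thread advises: remote subnet is the NAT'd 192.168.3.0/24.
SITE_B_OK = SiteConfig("remote", "1.1.1.1", "203.0.113.2", "192.168.2.0/24",
                       "192.168.3.0/24", "example-psk", P1, P2)
# Same remote end but pointed at the real 192.168.1.0/24: Phase 2 selectors will not match.
SITE_B_WRONG = SiteConfig("remote", "1.1.1.1", "203.0.113.2", "192.168.2.0/24",
                          "192.168.1.0/24", "example-psk", P1, P2)
```

Running `check_pair(SITE_A, SITE_B_WRONG)` reports the remote end's wrong subnet, the mistake the last answer above warns about.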
 
elawAuthor Commented:
Thanks for the solution
0
