Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

site to site VPN using watchguard firewall

Posted on 2008-06-12
9
1,159 Views
Last Modified: 2013-11-16
Want to create site to site VPN using watchguard x550e firewall and VPN server supporting IPsec VPN tunnels.  If anybody has any quide
0
Comment
Question by:elaw
  • 5
  • 4
9 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21784795
I can assist you with WG but for the remote end I would not be too helpful.

In WG first of all you create gateway here you specify:
Remote public IP; Authentication and Encryption algorithm along with Deffie-Hellman groups; and most importantly shared key and mode [main or aggressive mode]
After this create tunnel; associate tunnel with the gateway added above:
Here you configure Authentication and Encryption algorithm along with DH groups and PFS; also define key lifetime in seconds/bytes transferred.
finally add routing policy for the tunnel created and specify remote/local subnets, port/protocol and tunnel direction (uni-directional or bi-directional).

You can also specify if you wish to do NAT over VPN; but I have not mentioned steps.

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:elaw
ID: 21810329
Could you please send the steps to NAT over VPN.

thanks
0
 

Author Comment

by:elaw
ID: 21810366
Could you please also elaborate more in steps
thanks
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 21810522
Which version of WG management software you are running; in older software you need to go to Setup->NAT->1-1 NAT and then configure NAT over IPSec; in newer version you configure NAT over IPSec from tunnel properties.

Thank you.
0
 

Author Comment

by:elaw
ID: 21810560
Watch guard system manager 9.1

Also if you could elaborate the steps in creating gateways and tunnel and routing policy.
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21819141
Let me take an example; let say remote site public IP is 1.1.1.1; remote subnet is 192.168.2.0/24 and local subnet is 192.168.1.0/24; in Policy Manager; go to VPN->Branch Office Gateways; click Add; specify some name; select pre-share key or certificates as pplicable; if pres-share key then specify one.
Click Add under Gateway Enpoints; under IP address specify IP or if using FQDN then click by domain name and specify same for both local and remote gateways. click OK.
Go to Phase I settings; if you want to change anything then do otherwise click OK.
Now go to VPN->Branch Office Tunnels; click Add; specify some name; select the gateway added above; click Add under Addresses and specify local and remote subnets/host IP; if you want to have uni-directional tunnel leave Direction as <===>; under NAT settings check the box 1:1 NAT; specify subnet/IP which would be seen at remote end; for eg, 192.168.3.0/24; click OK.
Go to Phase II settings; if you want to change anything then do otherwise click OK.

Now click VPN->Create BOVPN Policy; create policy as desired which would allow traffic between local and remote subnets/peer.

Configure identical settings on the remote end; if enabling 1:1 NAT then make sure on remote end you specify remote subnet as 192.168.3.0/24 [as per example earlier]

Please implement and update if you need more details.

Thank you.
0
 

Author Comment

by:elaw
ID: 21819519
Thanks for sending this information.  You have started given example IP addresses.   Would you be kind enough to write what IP address will go to where.
thanks
0
 
LVL 32

Assisted Solution

by:dpk_wal
dpk_wal earned 350 total points
ID: 21820054
Under Branch Office Gateways; for remote gateways provide IP as 1.1.1.1

Under Branch Office Tunnels; local subnet specify 192.168.1.0/24 and remote subnet 192.168.2.0/24

The 1-1 NAT examples are already there. Please let me know if you need screenshots with above configuration.

Thank you.
0
 

Accepted Solution

by:
elaw earned 0 total points
ID: 21828712
Thanks for the solution
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question