elaw
asked on
site to site VPN using watchguard firewall
Want to create a site to site VPN using a WatchGuard X550e firewall and a VPN server supporting IPsec VPN tunnels. If anybody has any guide.
ASKER
Could you please send the steps to NAT over VPN.
thanks
ASKER
Could you please also elaborate more in steps
thanks
Which version of WG management software are you running? In older software you need to go to Setup->NAT->1-1 NAT and then configure NAT over IPSec; in newer versions you configure NAT over IPSec from the tunnel properties.
Thank you.
ASKER
WatchGuard System Manager 9.1
Also if you could elaborate the steps in creating gateways and tunnel and routing policy.
Thanks
Let me take an example; let's say the remote site public IP is 1.1.1.1, the remote subnet is 192.168.2.0/24 and the local subnet is 192.168.1.0/24. In Policy Manager, go to VPN->Branch Office Gateways; click Add; specify some name; select pre-shared key or certificates as applicable; if pre-shared key then specify one.
Click Add under Gateway Endpoints; under IP address specify the IP or, if using FQDN, click "by domain name" and specify the same for both local and remote gateways. Click OK.
Go to Phase I settings; if you want to change anything then do so, otherwise click OK.
Now go to VPN->Branch Office Tunnels; click Add; specify some name; select the gateway added above; click Add under Addresses and specify local and remote subnets/host IP; if you want to have a uni-directional tunnel leave Direction as <===>; under NAT settings check the box 1:1 NAT; specify the subnet/IP which would be seen at the remote end, e.g. 192.168.3.0/24; click OK.
Go to Phase II settings; if you want to change anything then do so, otherwise click OK.
Now click VPN->Create BOVPN Policy; create the policy as desired which would allow traffic between local and remote subnets/peer.
Configure identical settings on the remote end; if enabling 1:1 NAT then make sure on the remote end you specify the remote subnet as 192.168.3.0/24 [as per the example earlier].
Please implement and update if you need more details.
Thank you.
ASKER
Thanks for sending this information. You have started given example IP addresses. Would you be kind enough to write what IP address will go to where.
thanks
In WG first of all you create the gateway; here you specify:
Remote public IP; Authentication and Encryption algorithm along with Diffie-Hellman groups; and most importantly the shared key and mode [main or aggressive mode]
After this create the tunnel; associate the tunnel with the gateway added above:
Here you configure Authentication and Encryption algorithm along with DH groups and PFS; also define key lifetime in seconds/bytes transferred.
Finally add a routing policy for the tunnel created and specify remote/local subnets, port/protocol and tunnel direction (uni-directional or bi-directional).
You can also specify if you wish to do NAT over VPN; but I have not mentioned the steps.
Please let me know if you need more details.
Thank you.
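As an added example (not from the original thread and not WatchGuard code), the following Python script works through the address plan behind the gateway/tunnel/policy procedure in the two answers above, and answers the "what IP address will go to where" question: which subnet each end must enter as its tunnel local and remote address, what a local host looks like to the far side once 1:1 NAT is enabled on the tunnel, and a mirror check on the Phase 2 selectors, because a tunnel whose selectors do not mirror each other will not come up. It also goes one step beyond the thread by checking for overlapping LANs, the usual reason to enable 1:1 NAT over a tunnel. The remote public IP 1.1.1.1 and subnets 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 are the values used in the earlier answer; the local firewall's public IP 203.0.113.10 and the host 192.168.1.10 are assumed here, since the thread never states them.

```python
import ipaddress
import json

# Values from the example in the answers above. The local public IP is an
# assumption (documentation range); the thread never states it.
LOCAL_SITE = {"name": "local", "public_ip": "203.0.113.10",
              "lan": "192.168.1.0/24", "nat": "192.168.3.0/24"}
REMOTE_SITE = {"name": "remote", "public_ip": "1.1.1.1",
               "lan": "192.168.2.0/24"}


def nat_1to1(local_net, nat_net, host):
    """Address a host in local_net is seen as at the far end once 1:1 NAT is
    enabled on the tunnel: same offset inside the subnet, NAT base instead."""
    local_net = ipaddress.ip_network(local_net)
    nat_net = ipaddress.ip_network(nat_net)
    host = ipaddress.ip_address(host)
    if local_net.prefixlen != nat_net.prefixlen:
        raise ValueError("1:1 NAT over the tunnel needs equal-sized subnets")
    if host not in local_net:
        raise ValueError(f"{host} is not inside {local_net}")
    offset = int(host) - int(local_net.network_address)
    return ipaddress.ip_address(int(nat_net.network_address) + offset)


def effective_selectors(local_net, remote_net, nat_net=None):
    """(local, remote) Phase 2 traffic selector this end actually negotiates.
    With 1:1 NAT the NAT subnet, not the real LAN, is what goes on the wire."""
    return (ipaddress.ip_network(nat_net or local_net),
            ipaddress.ip_network(remote_net))


def selectors_mirror(end_a, end_b):
    """Phase 2 only completes when A's local == B's remote and vice versa."""
    return end_a[0] == end_b[1] and end_a[1] == end_b[0]


def plan(site_a, site_b):
    """What each end must enter in the gateway and tunnel dialogs, plus checks."""
    seen_a = site_a.get("nat") or site_a["lan"]   # how A appears to B
    seen_b = site_b.get("nat") or site_b["lan"]   # how B appears to A
    sel_a = effective_selectors(site_a["lan"], seen_b, site_a.get("nat"))
    sel_b = effective_selectors(site_b["lan"], seen_a, site_b.get("nat"))
    return {
        site_a["name"]: {"gateway_remote_ip": site_b["public_ip"],
                         "tunnel_local": site_a["lan"],
                         "tunnel_remote": seen_b,
                         "nat_1to1": site_a.get("nat")},
        site_b["name"]: {"gateway_remote_ip": site_a["public_ip"],
                         "tunnel_local": site_b["lan"],
                         "tunnel_remote": seen_a,
                         "nat_1to1": site_b.get("nat")},
        # Both ends' Phase 2 selectors must be exact mirrors of each other.
        "selectors_mirror": selectors_mirror(sel_a, sel_b),
        # Overlapping LANs are the usual reason to enable 1:1 NAT over the
        # tunnel; after NAT the selectors on the wire must no longer overlap.
        "lans_overlap": ipaddress.ip_network(site_a["lan"]).overlaps(
            ipaddress.ip_network(site_b["lan"])),
        "wire_overlap": sel_a[0].overlaps(sel_a[1]),
    }


if __name__ == "__main__":
    print(json.dumps(plan(LOCAL_SITE, REMOTE_SITE), indent=2))
    # A local host as the remote site sees it: 192.168.1.10 -> 192.168.3.10
    print(nat_1to1(LOCAL_SITE["lan"], LOCAL_SITE["nat"], "192.168.1.10"))
```

Run it as-is to print the per-end settings for the thread's example: the local firewall gets gateway peer 1.1.1.1, tunnel local 192.168.1.0/24, tunnel remote 192.168.2.0/24 and 1:1 NAT 192.168.3.0/24; the remote end gets tunnel local 192.168.2.0/24 and tunnel remote 192.168.3.0/24, never 192.168.1.0/24. Hosts at the remote site reach 192.168.1.10 by addressing 192.168.3.10, and the BOVPN policy on the remote end must allow traffic to 192.168.3.0/24. Swap `REMOTE_SITE["lan"]` for 192.168.1.0/24 to see the overlap case: the real LANs collide but the selectors on the wire do not, which is exactly what the 1:1 NAT buys you.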