Solved

Site-to-site VPN using WatchGuard firewall

Posted on 2008-06-12
Last Modified: 2013-11-16
Want to create a site-to-site VPN using a WatchGuard X550e firewall and a VPN server supporting IPsec VPN tunnels. If anybody has any guide
Question by:elaw
9 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21784795
I can assist you with WG but for the remote end I would not be too helpful.

In WG, first of all you create a gateway; here you specify:
Remote public IP; authentication and encryption algorithms along with Diffie-Hellman groups; and most importantly the shared key and mode [main or aggressive mode].
After this, create a tunnel and associate the tunnel with the gateway added above:
Here you configure authentication and encryption algorithms along with DH groups and PFS; also define key lifetime in seconds/bytes transferred.
Finally, add a routing policy for the tunnel created and specify remote/local subnets, port/protocol and tunnel direction (uni-directional or bi-directional).

You can also specify if you wish to do NAT over VPN; but I have not mentioned steps.

Please let me know if you need more details.

Thank you.
0
 

Author Comment

by:elaw
ID: 21810329
Could you please send the steps to NAT over VPN.

thanks
0
 

Author Comment

by:elaw
ID: 21810366
Could you please also elaborate more in steps?
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21810522
Which version of WG management software are you running? In older software you need to go to Setup->NAT->1-1 NAT and then configure NAT over IPSec; in newer versions you configure NAT over IPSec from the tunnel properties.

Thank you.
0
 

Author Comment

by:elaw
ID: 21810560
WatchGuard System Manager 9.1

Also, if you could elaborate the steps in creating gateways, tunnels and routing policy.
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21819141
Let me take an example; let's say the remote site public IP is 1.1.1.1; remote subnet is 192.168.2.0/24 and local subnet is 192.168.1.0/24. In Policy Manager, go to VPN->Branch Office Gateways; click Add; specify some name; select pre-share key or certificates as applicable; if pre-share key then specify one.
Click Add under Gateway Endpoints; under IP address specify the IP or, if using FQDN, click by domain name and specify the same for both local and remote gateways. Click OK.
Go to Phase I settings; if you want to change anything then do, otherwise click OK.
Now go to VPN->Branch Office Tunnels; click Add; specify some name; select the gateway added above; click Add under Addresses and specify local and remote subnets/host IP; if you want to have uni-directional tunnel leave Direction as <===>; under NAT settings check the box 1:1 NAT; specify the subnet/IP which would be seen at the remote end; e.g., 192.168.3.0/24; click OK.
Go to Phase II settings; if you want to change anything then do, otherwise click OK.

Now click VPN->Create BOVPN Policy; create a policy as desired which would allow traffic between local and remote subnets/peer.

Configure identical settings on the remote end; if enabling 1:1 NAT then make sure on the remote end you specify the remote subnet as 192.168.3.0/24 [as per the example earlier].

Please implement and update if you need more details.

Thank you.
0
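
A way to sanity-check the mirrored settings from the post above before entering them on both devices, as an added example that is not part of the original thread and not WatchGuard code. It maps a host through the 1:1 NAT range and lists settings that do not mirror between the two ends; the function names, dictionary keys, local public IP 203.0.113.10, shared key and proposal strings are constructed for illustration.

```python
import ipaddress

def nat_1to1(addr, real_net, nat_net):
    """Translate addr from real_net to the same host offset in nat_net."""
    real, nat = ipaddress.ip_network(real_net), ipaddress.ip_network(nat_net)
    if real.prefixlen != nat.prefixlen:
        raise ValueError("1:1 NAT needs subnets of equal size")
    ip = ipaddress.ip_address(addr)
    if ip not in real:
        raise ValueError(f"{ip} is outside {real}")
    return str(nat.network_address + (int(ip) - int(real.network_address)))

def presented(side):
    """Subnet the peer sees: the 1:1 NAT range when set, else the real subnet."""
    return ipaddress.ip_network(side["nat"] or side["local"])

def mismatches(a, b):
    """List the settings that do not mirror between the two ends."""
    found = []
    for me, peer in ((a, b), (b, a)):
        if me["peer_ip"] != peer["public_ip"]:
            found.append(f"{me['name']}: gateway IP is not the peer's public IP")
        if ipaddress.ip_network(me["remote"]) != presented(peer):
            found.append(f"{me['name']}: remote subnet should be {presented(peer)}")
    for key in ("psk", "mode", "phase1", "phase2"):
        if a[key] != b[key]:
            found.append(f"{key} differs between the two ends")
    if presented(a).overlaps(presented(b)):
        found.append("subnets presented by the two ends overlap")
    return found

# Constructed sample: subnets and 1.1.1.1 follow the thread's example; the local
# public IP, key, mode and proposal strings are placeholders, not device defaults.
COMMON = {"psk": "example-shared-key", "mode": "main",
          "phase1": "AES256/SHA1/DH5", "phase2": "ESP/AES256/SHA1/PFS-DH5"}
LOCAL = dict(COMMON, name="local", public_ip="203.0.113.10", peer_ip="1.1.1.1",
             local="192.168.1.0/24", remote="192.168.2.0/24", nat="192.168.3.0/24")
REMOTE_OK = dict(COMMON, name="remote", public_ip="1.1.1.1", peer_ip="203.0.113.10",
                 local="192.168.2.0/24", remote="192.168.3.0/24", nat=None)
# Common mistake: the remote end points at the real subnet instead of the NAT range.
REMOTE_BAD = dict(REMOTE_OK, remote="192.168.1.0/24", mode="aggressive")

if __name__ == "__main__":
    print(nat_1to1("192.168.1.25", LOCAL["local"], LOCAL["nat"]))
    print(mismatches(LOCAL, REMOTE_OK))
    print(mismatches(LOCAL, REMOTE_BAD))
```

An empty list means the two definitions mirror each other; each entry otherwise names a setting to correct before the tunnel is brought up.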
 

Author Comment

by:elaw
ID: 21819519
Thanks for sending this information. You have started giving example IP addresses. Would you be kind enough to write what IP address will go where?
Thanks
0
 
LVL 32

Assisted Solution

by:dpk_wal
dpk_wal earned 1400 total points
ID: 21820054
Under Branch Office Gateways, for the remote gateway provide the IP as 1.1.1.1.

Under Branch Office Tunnels, for the local subnet specify 192.168.1.0/24 and for the remote subnet 192.168.2.0/24.

The 1-1 NAT examples are already there. Please let me know if you need screenshots with the above configuration.

Thank you.
0
 

Accepted Solution

by:
elaw earned 0 total points
ID: 21828712
Thanks for the solution
0
