Solved

site to site VPN using watchguard firewall

Posted on 2008-06-12
9
1,156 Views
Last Modified: 2013-11-16
Want to create site to site VPN using watchguard x550e firewall and VPN server supporting IPsec VPN tunnels.  If anybody has any quide
0
Comment
Question by:elaw
  • 5
  • 4
9 Comments
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
I can assist you with WG but for the remote end I would not be too helpful.

In WG first of all you create gateway here you specify:
Remote public IP; Authentication and Encryption algorithm along with Deffie-Hellman groups; and most importantly shared key and mode [main or aggressive mode]
After this create tunnel; associate tunnel with the gateway added above:
Here you configure Authentication and Encryption algorithm along with DH groups and PFS; also define key lifetime in seconds/bytes transferred.
finally add routing policy for the tunnel created and specify remote/local subnets, port/protocol and tunnel direction (uni-directional or bi-directional).

You can also specify if you wish to do NAT over VPN; but I have not mentioned steps.

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:elaw
Comment Utility
Could you please send the steps to NAT over VPN.

thanks
0
 

Author Comment

by:elaw
Comment Utility
Could you please also elaborate more in steps
thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
Which version of WG management software you are running; in older software you need to go to Setup->NAT->1-1 NAT and then configure NAT over IPSec; in newer version you configure NAT over IPSec from tunnel properties.

Thank you.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:elaw
Comment Utility
Watch guard system manager 9.1

Also if you could elaborate the steps in creating gateways and tunnel and routing policy.
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
Let me take an example; let say remote site public IP is 1.1.1.1; remote subnet is 192.168.2.0/24 and local subnet is 192.168.1.0/24; in Policy Manager; go to VPN->Branch Office Gateways; click Add; specify some name; select pre-share key or certificates as pplicable; if pres-share key then specify one.
Click Add under Gateway Enpoints; under IP address specify IP or if using FQDN then click by domain name and specify same for both local and remote gateways. click OK.
Go to Phase I settings; if you want to change anything then do otherwise click OK.
Now go to VPN->Branch Office Tunnels; click Add; specify some name; select the gateway added above; click Add under Addresses and specify local and remote subnets/host IP; if you want to have uni-directional tunnel leave Direction as <===>; under NAT settings check the box 1:1 NAT; specify subnet/IP which would be seen at remote end; for eg, 192.168.3.0/24; click OK.
Go to Phase II settings; if you want to change anything then do otherwise click OK.

Now click VPN->Create BOVPN Policy; create policy as desired which would allow traffic between local and remote subnets/peer.

Configure identical settings on the remote end; if enabling 1:1 NAT then make sure on remote end you specify remote subnet as 192.168.3.0/24 [as per example earlier]

Please implement and update if you need more details.

Thank you.
0
 

Author Comment

by:elaw
Comment Utility
Thanks for sending this information.  You have started given example IP addresses.   Would you be kind enough to write what IP address will go to where.
thanks
0
 
LVL 32

Assisted Solution

by:dpk_wal
dpk_wal earned 350 total points
Comment Utility
Under Branch Office Gateways; for remote gateways provide IP as 1.1.1.1

Under Branch Office Tunnels; local subnet specify 192.168.1.0/24 and remote subnet 192.168.2.0/24

The 1-1 NAT examples are already there. Please let me know if you need screenshots with above configuration.

Thank you.
0
 

Accepted Solution

by:
elaw earned 0 total points
Comment Utility
Thanks for the solution
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now