Site to site VPN using WatchGuard firewall

Want to create a site to site VPN using a WatchGuard X550e firewall and a VPN server supporting IPsec VPN tunnels. If anybody has any guide
elawAsked:
elawAuthor Commented:
Thanks for the solution
0
 
dpk_walCommented:
I can assist you with WG but for the remote end I would not be too helpful.

In WG, first of all you create a gateway. Here you specify:
Remote public IP; authentication and encryption algorithm along with Diffie-Hellman groups; and most importantly the shared key and mode [main or aggressive mode].
After this create a tunnel; associate the tunnel with the gateway added above:
Here you configure authentication and encryption algorithm along with DH groups and PFS; also define key lifetime in seconds/bytes transferred.
Finally add a routing policy for the tunnel created and specify remote/local subnets, port/protocol and tunnel direction (uni-directional or bi-directional).

You can also specify if you wish to do NAT over VPN; but I have not mentioned the steps.

Please let me know if you need more details.

Thank you.
0
 
elawAuthor Commented:
Could you please send the steps for NAT over VPN.

thanks
0

 
elawAuthor Commented:
Could you please also elaborate more on the steps.
thanks
0
 
dpk_walCommented:
Which version of WG management software are you running? In older software you need to go to Setup->NAT->1-1 NAT and then configure NAT over IPSec; in newer versions you configure NAT over IPSec from the tunnel properties.

Thank you.
0
 
elawAuthor Commented:
WatchGuard System Manager 9.1

Also, if you could elaborate the steps in creating the gateway, tunnel and routing policy.
Thanks
0
 
dpk_walCommented:
Let me take an example; let's say the remote site public IP is 1.1.1.1; the remote subnet is 192.168.2.0/24 and the local subnet is 192.168.1.0/24. In Policy Manager, go to VPN->Branch Office Gateways; click Add; specify some name; select pre-shared key or certificates as applicable; if pre-shared key then specify one.
Click Add under Gateway Endpoints; under IP address specify the IP, or if using FQDN then click "by domain name" and specify the same for both local and remote gateways. Click OK.
Go to Phase I settings; if you want to change anything then do so, otherwise click OK.
Now go to VPN->Branch Office Tunnels; click Add; specify some name; select the gateway added above; click Add under Addresses and specify local and remote subnets/host IP; if you want to have a uni-directional tunnel leave Direction as <===>; under NAT settings check the box 1:1 NAT; specify the subnet/IP which would be seen at the remote end, e.g. 192.168.3.0/24; click OK.
Go to Phase II settings; if you want to change anything then do so, otherwise click OK.

Now click VPN->Create BOVPN Policy; create policy as desired which would allow traffic between local and remote subnets/peer.

Configure identical settings on the remote end; if enabling 1:1 NAT then make sure on the remote end you specify the remote subnet as 192.168.3.0/24 [as per the example earlier].

Please implement and update if you need more details.

Thank you.
0
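The gateway/tunnel settings above only work when both ends mirror each other (endpoint IPs, PSK, Phase 1/2 proposals, and the subnet the peer must list as "remote", which becomes the 1:1 NAT subnet when that option is on). The following consistency check is an added example and not part of this thread or any WatchGuard tool; the local public IP (203.0.113.10), PSK and Phase 1/2 proposal values are assumed for illustration, while the 1.1.1.1 peer and the 192.168.1/2/3.0/24 subnets come from the example above.

```python
import ipaddress

# Constructed example of the two ends of the BOVPN from the thread.
# Public IP 203.0.113.10, the PSK and the Phase 1/2 proposals are assumed values.
PHASE1 = {"mode": "main", "enc": "AES256", "auth": "SHA1", "dh": 2}
PHASE2 = {"enc": "AES256", "auth": "SHA1", "pfs_dh": 2, "lifetime_s": 28800}
LOCAL = {"public_ip": "203.0.113.10", "peer_ip": "1.1.1.1", "psk": "example-psk",
         "local_subnet": "192.168.1.0/24", "remote_subnet": "192.168.2.0/24",
         "nat_subnet": "192.168.3.0/24",  # 1:1 NAT: how the local LAN appears to the peer
         "phase1": PHASE1, "phase2": PHASE2}
REMOTE = {"public_ip": "1.1.1.1", "peer_ip": "203.0.113.10", "psk": "example-psk",
          "local_subnet": "192.168.2.0/24", "remote_subnet": "192.168.3.0/24",
          "nat_subnet": None, "phase1": PHASE1, "phase2": PHASE2}


def net(s):
    return ipaddress.ip_network(s, strict=False)


def presented_subnet(end):
    """Subnet the peer must list as 'remote': the 1:1 NAT subnet if set, else the real LAN."""
    return net(end["nat_subnet"] or end["local_subnet"])


def check_pair(a, b):
    """Return the mismatches that would keep the two BOVPN ends from negotiating or routing."""
    problems = []
    if a["peer_ip"] != b["public_ip"] or b["peer_ip"] != a["public_ip"]:
        problems.append("gateway endpoint IPs do not point at each other")
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")
    for ph in ("phase1", "phase2"):  # every proposal field must match on both ends
        diff = sorted(k for k in a[ph] if a[ph][k] != b[ph].get(k))
        if diff:
            problems.append(f"{ph} proposal mismatch: {', '.join(diff)}")
    for x, y, name in ((a, b, "A"), (b, a, "B")):
        if net(y["remote_subnet"]) != presented_subnet(x):
            problems.append(f"peer of {name} lists remote subnet {y['remote_subnet']}, "
                            f"but {name} presents {presented_subnet(x)}")
    # Overlapping tunnel subnets make routing ambiguous; 1:1 NAT exists to avoid this.
    if presented_subnet(a).overlaps(presented_subnet(b)):
        problems.append("the two tunnel subnets overlap; routing would be ambiguous")
    return problems


if __name__ == "__main__":
    for line in check_pair(LOCAL, REMOTE) or ["configuration is consistent"]:
        print(line)
```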
 
elawAuthor Commented:
Thanks for sending this information. You have started giving example IP addresses. Would you be kind enough to write which IP address will go where.
thanks
0
 
dpk_walCommented:
Under Branch Office Gateways, for the remote gateway provide the IP as 1.1.1.1.

Under Branch Office Tunnels, for the local subnet specify 192.168.1.0/24 and for the remote subnet 192.168.2.0/24.

The 1-1 NAT examples are already there. Please let me know if you need screenshots with above configuration.

Thank you.
0