RichardA1984
asked on
Cisco 837 ipsec VPN to Watchguard Firebox
Hi All,
I look after a Cisco 837 router for one of my clients. It works perfectly, except recently i have been asked to set up a vpn to another office.
The other office is running a Watchguard Firebox, but i have no control over it and I have no access to it.
The details they have given me are as follows:
External ip address of the other site - 84.xxx.xxx.xxx
Internal ip address of the router - 192.168.0.1
Internal ip address range - 192.168.0.xxx
Gateway name
Security association proposal type - ESP
Authentication - SHA-HMAC
Encryption - 3DES-CBC
Preshared key - $xxxxxxx$
I thought I had set up the router correctly as in Cisco SDM it shows the connection as being up, although I can't ping anything at the other side, nor can I access a terminal server at the other site.
The only thing that I can see that i have done differently is use 3DES encryption instead of 3DES-CBC encryption - are they the same thing?
If anyone could shed any light it would be much appreciated. I am happy to post config files if they will be of assistance?
Thanks,
Richard
I look after a Cisco 837 router for one of my clients. It works perfectly, except recently i have been asked to set up a vpn to another office.
The other office is running a Watchguard Firebox, but i have no control over it and I have no access to it.
The details they have given me are as follows:
External ip address of the other site - 84.xxx.xxx.xxx
Internal ip address of the router - 192.168.0.1
Internal ip address range - 192.168.0.xxx
Gateway name
Security association proposal type - ESP
Authentication - SHA-HMAC
Encryption - 3DES-CBC
Preshared key - $xxxxxxx$
I thought I had set up the router correctly as in Cisco SDM it shows the connection as being up, although I can't ping anything at the other side, nor can I access a terminal server at the other site.
The only thing that I can see that i have done differently is use 3DES encryption instead of 3DES-CBC encryption - are they the same thing?
If anyone could shed any light it would be much appreciated. I am happy to post config files if they will be of assistance?
Thanks,
Richard
I would be able to help you with watchguard configuration; not too sure about cisco; i think 3des and 3des-cbc should be fine; can you post some logs which you are seeing or if possible from remote end. The logs would make it clear as to where the negotiations are failing.
Please do change two octets of all public IP addresses before posting anything.
Historically I have seen xauth to cause problem; if possible disable xauth on cisco and this should help.
Please check and update.
Thank you.
Please do change two octets of all public IP addresses before posting anything.
Historically I have seen xauth to cause problem; if possible disable xauth on cisco and this should help.
Please check and update.
Thank you.
ASKER
Hi dpk_wal,
Thanks for your suggestion. I have disabled xauth in the Cisco router, bcause i heard that it sometimes caused issues.
I have requested the logs from the other office, I will post them on here as soon as they are received!
Thanks for your help
Richard.
Thanks for your suggestion. I have disabled xauth in the Cisco router, bcause i heard that it sometimes caused issues.
I have requested the logs from the other office, I will post them on here as soon as they are received!
Thanks for your help
Richard.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks,
Richard.
Cisco837.txt