Solved

Cisco 837 ipsec VPN to Watchguard Firebox

Posted on 2008-06-24
4
1,315 Views
Last Modified: 2013-11-16
Hi All,

I look after a Cisco 837 router for one of my clients.  It works perfectly, except recently i have been asked to set up a vpn to another office.  

The other office is running a Watchguard Firebox, but i have no control over it and I have no access to it.

The details they have given me are as follows:
External ip address of the other site - 84.xxx.xxx.xxx
Internal ip address of the router - 192.168.0.1
Internal ip address range - 192.168.0.xxx
Gateway name
Security association proposal type - ESP
Authentication - SHA-HMAC
Encryption - 3DES-CBC
Preshared key - $xxxxxxx$

I thought I had set up the router correctly as in Cisco SDM it shows the connection as being up, although I can't ping anything at the other side, nor can I access a terminal server at the other site.

The only thing that I can see that i have done differently is use 3DES encryption instead of 3DES-CBC encryption - are they the same thing?

If anyone could shed any light it would be much appreciated.  I am happy to post config files if they will be of assistance?

Thanks,
Richard
0
Comment
Question by:RichardA1984
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:RichardA1984
ID: 21863486
I have attached the config file and upped the point to 500.  Any assistance really would be very helpful :-)

Thanks,
Richard.
Cisco837.txt
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21864216
I would be able to help you with watchguard configuration; not too sure about cisco; i think 3des and 3des-cbc should be fine; can you post some logs which you are seeing or if possible from remote end. The logs would make it clear as to where the negotiations are failing.

Please do change two octets of all public IP addresses before posting anything.

Historically I have seen xauth to cause problem; if possible disable xauth on cisco and this should help.

Please check and update.

Thank you.
0
 

Author Comment

by:RichardA1984
ID: 21866081
Hi dpk_wal,

Thanks for your suggestion.  I have disabled xauth in the Cisco router, bcause i heard that it sometimes caused issues.

I have requested the logs from the other office, I will post them on here as soon as they are received!

Thanks for your help
Richard.
0
 

Accepted Solution

by:
RichardA1984 earned 0 total points
ID: 22267427
Hi,
Thanks for your help with this.  Ultimately I found out that the config was correct and the issue was with the watchguard at the other side.  Unfortunately i'm not sure of the exact problem with the watchguard as i don't administer it, although i belive it was a firewall related issue.

Thanks
Richard.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonicWall Max Connection Setting 7 85
Cisco 3560 Switch with Multiple Gateways 10 90
Simultaneous work of Wi-Fi and LAN on Win10 laptop 4 87
Management of Huawei B315 2 73
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question