Solved

Site-to-Site VPN between ISA 2004 standard and WatchGuard firewall

Posted on 2008-10-20
Last Modified: 2013-11-16
Hello,

I have created a site-to-site VPN using IPSec with a pre-shared key between an ISA Server 2004 and a WatchGuard firewall.
When I ping an address behind the WatchGuard firewall I get "negotiating ip security".

On the ISA 2004 I have

- Created a remote site connection pointing to the outside address of the WatchGuard firewall with a pre-shared key.

- Created two network rules to route from and to WatchGuard firewall

- Created access rules on ISA 2004 indicating to and from WatchGuard firewall

When I ping an address behind the WatchGuard firewall from the ISA 2004 I get "negotiating ip security". When I ping from behind the ISA Server 2004 I get "request timed out".
When I look at the monitoring logs I can see both pings being initiated. When I look at site sessions for the remote site I do not get any indicators that the link is up between both sites.


ISA 2004
Inside address range 192.168.116.0/255.255.255.0
Outside address is 100.0.0.100 (mentioned wrong one for security reasons)

WatchGuard Firewall
Inside address range 192.168.1.0/255.255.255.0
Outside address is 200.0.0.200 (mentioned wrong one for security reasons)


FYI - Previously there was a Cisco PIX firewall, which is down now, so I am trying to replace it with ISA Server.

Please advise,

Bhvn
Question by:p_bhvn
Expert Comment

by:dpk_wal
ID: 22760454
Although I would not be much help with ISA configuration, I would be able to assist you with WG configuration. Can you post a few sanitized logs from the WatchGuard Traffic Monitor, which would help explain the reason the negotiations are failing?

Thank you.

Accepted Solution

by: p_bhvn
ID: 22790421
I upgraded it to ISA 2006 and it worked fine.

Question has a verified solution.
