p_bhvn
Site-to-Site VPN between ISA 2004 standard and WatchGuard firewall
Hello,
I have created a site-to-site VPN using IPsec with a pre-shared key between an ISA Server 2004 and a WatchGuard firewall.
When I ping an address behind the WatchGuard firewall I get "negotiating ip security".
On the ISA 2004 I have
- Created a remote site connection pointing to the outside address of the WatchGuard firewall with a pre-shared key.
- Created two network rules to route from and to WatchGuard firewall
- Created access rules on ISA 2004 indicating to and from WatchGuard firewall
When I ping an address behind the WatchGuard firewall from the ISA 2004 I get "negotiating ip security". When I ping from behind the ISA Server 2004 I get request timed out.
When I look at the monitoring logs I can see both pings being initiated. When I look at site sessions for the remote site I do not get any indicators that the link is up between both sites.
ISA 2004
Inside address range 192.168.116.0/255.255.255.0
outside address is 100.0.0.100 (mentioned wrong one for security reasons)
WatchGuard Firewall
Inside address range 192.168.1.0/255.255.255.0
outside address is 200.0.0.200 (mentioned wrong one for security reasons)
FYI - Previously there was Cisco PIX firewall which is DOWN now. So trying to replace it with ISA Server.
Please Advise,
Bhvn