?
Solved

Site-to-Site VPN between ISA 2004 standard and WatchGuard firewall

Posted on 2008-10-20
2
Medium Priority
?
920 Views
Last Modified: 2013-11-16
Hello,

I have created a site to site VPN using PISEC with a preshared key between a ISA server 2004 and a WatchGuard firewall.
When I ping an address behind the WatchGuard firewall I get  "negotiating ip security".

On the ISA 2004 I have

- Created a remote site connection pointing to the outside address of the WatchGuard firewall with a pre-shared key.

- Created two network rules to route from and to WatchGuard firewall

- Created access rules on isa 2004 indicating to and from WatchGuard firewall

When I ping  an address behind the WatchGuard firewall from the isa 2004 I get "negotiating ip security".When I ping from behind the isa server 2004 I get request timed out.
When I look at the monitoring logs I can see both pings being initiated .When I look at site sessions for the remote site I do not get any indicators that the linl is up between both sites.


Isa 2004
Inside address range 192.168.116.0/255.255.255.0
outside address is 100.0.0.100  (mentioned wrong one for security reasons)

WatchGuard Firewall
Inside address range 192.168.1.0/255.255.255.0
outside address is 200.0.0.200  (mentioned wrong one for security reasons)


FYI - Previously there was Cisco PIX firewall which is DOWN now. So trying to replace it with ISA Server.

Please Advise,

Bhvn
0
Comment
Question by:p_bhvn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22760454
Although I would not be much help with ISA configuration; I would be able to assist you with WG configuration; can you post few sanitized logs from watchguard traffic monitor which would help explain the reason the negotiations are failing.

Thank you.
0
 

Accepted Solution

by:
p_bhvn earned 0 total points
ID: 22790421
I upgraded it to ISA 2006 and it worked fine.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question