[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 945
  • Last Modified:

Site-to-Site VPN between ISA 2004 standard and WatchGuard firewall

Hello,

I have created a site to site VPN using PISEC with a preshared key between a ISA server 2004 and a WatchGuard firewall.
When I ping an address behind the WatchGuard firewall I get  "negotiating ip security".

On the ISA 2004 I have

- Created a remote site connection pointing to the outside address of the WatchGuard firewall with a pre-shared key.

- Created two network rules to route from and to WatchGuard firewall

- Created access rules on isa 2004 indicating to and from WatchGuard firewall

When I ping  an address behind the WatchGuard firewall from the isa 2004 I get "negotiating ip security".When I ping from behind the isa server 2004 I get request timed out.
When I look at the monitoring logs I can see both pings being initiated .When I look at site sessions for the remote site I do not get any indicators that the linl is up between both sites.


Isa 2004
Inside address range 192.168.116.0/255.255.255.0
outside address is 100.0.0.100  (mentioned wrong one for security reasons)

WatchGuard Firewall
Inside address range 192.168.1.0/255.255.255.0
outside address is 200.0.0.200  (mentioned wrong one for security reasons)


FYI - Previously there was Cisco PIX firewall which is DOWN now. So trying to replace it with ISA Server.

Please Advise,

Bhvn
0
p_bhvn
Asked:
p_bhvn
1 Solution
 
dpk_walCommented:
Although I would not be much help with ISA configuration; I would be able to assist you with WG configuration; can you post few sanitized logs from watchguard traffic monitor which would help explain the reason the negotiations are failing.

Thank you.
0
 
p_bhvnAuthor Commented:
I upgraded it to ISA 2006 and it worked fine.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now