BOVPN between Firebox Edge X20e and Core X1250e
Posted on 2009-04-01
I'm very much a novice when it comes to WatchGuard products and networking between subnets, so I need some suggestions on whether I'm on the right track for my project. Please be kind :)
I've recently been told that the VLAN connecting two of my buildings is being cut, so I'll have to come up with some sort of VPN solution. I already have a Firebox Core 1250e (central office, site A) and have been looking at a Firebox Edge X20e for the "Branch Office" or site B. This is for a university, so all IP addresses are public class B, but for example purposes I'll change the first part of the address to 192.168.actual.ipaddress.
The current network (site A) is using 192.168.11.0/25; site B will use 192.168.62.128/26. Site B will only have 2 users and ~15 devices. Both firewalls are configured in Drop in Mode.
Site A (Core) firewall is currently configured with a trusted interface of 192.168.11.40 (gateway set to 192.168.11.1).
Site B (Edge) firewall may be configured with a trusted interface of 192.168.62.180 (gateway 192.168.62.127?). The Edge will also be acting as a DHCP server, and use the DNS/WINS servers from site A.
My limited understanding of BOVPNs is that it is a permanent(ish) IPSec VPN, so that instead of individual users connecting using PPTP/IPSec/SSL, one connection is made from the local firewall to the remote firewall. By using keepalives the connection should stay up indefinitely. Is this correct?
It's very important that site A and B can communicate just as before. Is this as simple as putting in the DNS/WINS server in the Edge device for Site A's servers?
Is the Edge X20e the best solution or could I go down to the X10e?
Thanks for your help!