Solved

Zywall to Watchguard

Posted on 2009-07-07
3
1,204 Views
Last Modified: 2013-11-16
I have reached the end of my rope on this one. I have two firewalls, a Zywall 70 and a WatchGuard Firebox X5 Edge V7.5. I am trying to setup a VPN between the two and I can't get it to pass traffic. The Zywall says the connection is active, but the Firebox does not. Here is the configuration for the Zywall

Local Network
Range Address
10.254.253.0
10.254.253.254

Remote Network
Range Address
192.168.0.0
192.168.0.244

Gateway Policy Information
My Zywall 74.92.115.69
Primary Remote Gateway 69.141.55.49

Manual Proposal
SPI - 1
Encapsulation Mode  - Tunnel
Active Protocol - ESP
Encryption Algorithm 3DES
Authentication Algorithm SHA1

I have not include the encryption keys for security reasons, but I have double checked to make sure they are the same on both firewalls.

Here is the configuration for the Firebox

Phase 1 Settings
Mode- Main Mode
Remote IP Address
             Local ID - 69.141.55.49   Type: IP Addr
             Remote ID - 74.92.115.96   Type: IP Addr
Authentication Algorithem- SHA1-HMAC
Encryption Algorithm 3DES-CBC
Negotiation Expires in 0 KB
Negotiation expires in 24 hours
Diffie-Helman Group - 1
Yes to Send IKE keep alive messages

Phase 2 settings
Authentication Algorithm- SHA-HMAC
Encryption Algorithm- 3DES-CBC
Local Network 192.168.0.0/24
Remote Network 10.254.253.0/24


Any guidance on how I can get this working would be greatly appreciated.
0
Comment
Question by:one2onelanc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24802185
The settings look good; can you post few sanitized logs which would help understand which settings is not matching at the ends.

Also, have you got any other VPN tunnel working on these boxes; just want to make sure that ISP is not blocking the VPN traffic.

Thank you.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 24868777
The Zywall config should also havea  section like this, which you should feed in teh complimentary data.

Remote IP Address
             Local ID - 69.141.55.49   Type: IP Addr
             Remote ID - 74.92.115.96   Type: IP Addr


What does the log on each box show as the tunnel is brought up?

Oh - and you might try putting the Local and Remote network addresses in as "networks" not "ranges" in the zywall to match what you have done on the Watchguard - though I don't think it matters. Can't hurt to be consistent.
0
 

Accepted Solution

by:
one2onelanc earned 0 total points
ID: 25044948
Thanks for the tips but we ending up scraping this project, we are going to get two zywalls instead.
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question