We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Zywall to Watchguard

Medium Priority
1,251 Views
Last Modified: 2013-11-16
I have reached the end of my rope on this one. I have two firewalls, a Zywall 70 and a WatchGuard Firebox X5 Edge V7.5. I am trying to setup a VPN between the two and I can't get it to pass traffic. The Zywall says the connection is active, but the Firebox does not. Here is the configuration for the Zywall

Local Network
Range Address
10.254.253.0
10.254.253.254

Remote Network
Range Address
192.168.0.0
192.168.0.244

Gateway Policy Information
My Zywall 74.92.115.69
Primary Remote Gateway 69.141.55.49

Manual Proposal
SPI - 1
Encapsulation Mode  - Tunnel
Active Protocol - ESP
Encryption Algorithm 3DES
Authentication Algorithm SHA1

I have not include the encryption keys for security reasons, but I have double checked to make sure they are the same on both firewalls.

Here is the configuration for the Firebox

Phase 1 Settings
Mode- Main Mode
Remote IP Address
             Local ID - 69.141.55.49   Type: IP Addr
             Remote ID - 74.92.115.96   Type: IP Addr
Authentication Algorithem- SHA1-HMAC
Encryption Algorithm 3DES-CBC
Negotiation Expires in 0 KB
Negotiation expires in 24 hours
Diffie-Helman Group - 1
Yes to Send IKE keep alive messages

Phase 2 settings
Authentication Algorithm- SHA-HMAC
Encryption Algorithm- 3DES-CBC
Local Network 192.168.0.0/24
Remote Network 10.254.253.0/24


Any guidance on how I can get this working would be greatly appreciated.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2007

Commented:
The settings look good; can you post few sanitized logs which would help understand which settings is not matching at the ends.

Also, have you got any other VPN tunnel working on these boxes; just want to make sure that ISP is not blocking the VPN traffic.

Thank you.
ccomleyDirector

Commented:
The Zywall config should also havea  section like this, which you should feed in teh complimentary data.

Remote IP Address
             Local ID - 69.141.55.49   Type: IP Addr
             Remote ID - 74.92.115.96   Type: IP Addr


What does the log on each box show as the tunnel is brought up?

Oh - and you might try putting the Local and Remote network addresses in as "networks" not "ranges" in the zywall to match what you have done on the Watchguard - though I don't think it matters. Can't hurt to be consistent.
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.