Solved

Securing a 2012 Hosted Dedicated Server with IPSEC & Watchguard

Posted on 2013-10-31
Last Modified: 2013-11-06
Hello,
We have a client with a Watchguard firewall (XTM810) at two offices.  They use a branch office VPN via IPSec to connect to the other office.  They have now purchased a dedicated server running Windows 2012 from a cloud ISP which appears to be sat directly on the internet.

How do we make this server appear on the internal network securely?

Is it possible for Server 2012 to have an IPSec tunnel set up that activates when the server is booted up, creating a VPN with the Watchguard firewall?

I can see how to create the new connection via a dial on demand style connection but this won't be ideal as it needs to be always on without manually dialling the link if the server reboots for example.

Is there a way to set this up via a NPA server?

Any suggestions appreciated.

Thanks
Question by:cloughs

Expert Comment

by:Cliff Galiher
ID: 39615382
One of the options available in the GUI when defining the connection is to enable a "persistent" connection. This will basically cause the connection to dial immediately instead of waiting for a connection request that would trigger an on-demand dial-out.

Now with that said, the last time I worked with Watchguard UTMs, their IPSec implementation was *not* compatible with Windows Server directly. So in that regard, you may need to set up a server on both ends of the connection. It is possible though that Watchguard finally addressed this in the latest versions of FireWare. But be prepared for that.

-Cliff

Author Comment

by:cloughs
ID: 39615392
Hi Cliff,
Are you talking via the Connect to a Network function or the NAP server route?

Thanks

Accepted Solution

by:Cliff Galiher (earned 500 total points)
ID: 39615466
For site to site VPNs, you'd want to use the "routing and remote access" role. Technet has a ton of documentation on how to configure this role. Some of it hasn't been updated for 2012 yet, so dig into 2008 R2 as well. The setup is similar, as many of those settings haven't been pulled into server manager yet.
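An added example, not part of the thread or of the accepted answer: one way to script the persistent site-to-site interface discussed above with the RemoteAccess PowerShell module on Server 2012. It assumes the far end is an endpoint that interoperates with Windows IKEv2 (for instance a second Windows RRAS server at the office, as the first reply suggests); the interface name, addresses and subnet are placeholders.

```powershell
# Run in an elevated PowerShell session on the hosted Server 2012 machine.

# Install the Routing and Remote Access role services and their management tools.
Install-WindowsFeature -Name DirectAccess-VPN, Routing -IncludeManagementTools

# Configure RRAS for site-to-site VPN.
Install-RemoteAccess -VpnType VpnS2S

# Placeholder values (assumptions, replace with the real ones).
$peerAddress  = '203.0.113.10'      # public address of the office endpoint
$officeSubnet = '10.0.1.0/24:100'   # office LAN to route over the tunnel, as subnet:metric

# Prompt for the pre-shared key instead of storing it in the script.
$psk = Read-Host -Prompt 'Pre-shared key for the tunnel'

# -Persistent makes the interface connect as soon as the service starts and
# reconnect after a drop, rather than waiting for traffic to trigger a
# demand-dial connection. This is the scripted form of the "persistent"
# option in the GUI.
Add-VpnS2SInterface -Name 'Office-S2S' `
    -Destination $peerAddress `
    -Protocol IKEv2 `
    -AuthenticationMethod PSKOnly `
    -SharedSecret $psk `
    -IPv4Subnet $officeSubnet `
    -Persistent

# Confirm the interface exists and check whether it has connected.
Get-VpnS2SInterface -Name 'Office-S2S' | Format-List *
```

Because the server sits directly on the internet, the Windows Firewall on its public interface should allow inbound IKE traffic (UDP 500 and 4500) only from the office endpoint's address.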