Solved

Securing a 2012 Hosted Dedicated Server with IPSEC & Watchguard

Posted on 2013-10-31
Last Modified: 2013-11-06
Hello,
We have a client with a Watchguard firewall (XTM810) at two offices. They use a branch office VPN via IPSec to connect to the other office. They have now purchased a dedicated server running Windows 2012 from a cloud ISP which appears to be sat directly on the internet.

How do we make this server appear on the internal network securely?

Is it possible for Server 2012 to have an IPSec tunnel setup that activates when the server is booted up creating a VPN with the Watchguard firewall?

I can see how to create the new connection via a dial-on-demand style connection, but this won't be ideal as it needs to be always on without manually dialling the link if the server reboots, for example.

Is there a way to set this up via a NPA server?

Any suggestions appreciated.

Thanks
Question by:cloughs

Expert Comment

by:Cliff Galiher
ID: 39615382
One of the options available in the GUI when defining the connection is to enable a "persistent" connection. This will basically cause the connection to dial immediately instead of waiting for a connection request that would trigger an on-demand dial-out.

Now with that said, the last time I worked with Watchguard UTMs, their IPSec implementation was *not* compatible with Windows Server directly. So in that regard, you may need to set up a server on both ends of the connection. It is possible though that Watchguard finally addressed this in the latest versions of FireWare. But be prepared for that.

-Cliff

Author Comment

by:cloughs
ID: 39615392
Hi Cliff,
Are you talking via the Connect to a Network function or the NAP server route?

Thanks

Accepted Solution

by:Cliff Galiher (earned 500 total points)
ID: 39615466
For site-to-site VPNs, you'd want to use the "Routing and Remote Access" role. TechNet has a ton of documentation on how to configure this role. Some of it hasn't been updated for 2012 yet, so dig into 2008 R2 as well. The setup is similar, as many of those settings haven't been pulled into Server Manager yet.
0
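
Added example, not part of the original thread: a PowerShell sketch of the persistent site-to-site interface described in the answers above, built with the RemoteAccess cmdlets that ship with Windows Server 2012. The peer address, subnet and interface name are constructed placeholders, and it assumes the office firewall accepts IKEv2 with a pre-shared key, which the thread does not confirm for the Watchguard.

```powershell
# Run in an elevated PowerShell session on the hosted Windows Server 2012 machine.
# Every value below is a constructed placeholder, not taken from the thread.
$PeerAddress  = '203.0.113.10'      # public IP of the office firewall (documentation range)
$OfficeSubnet = '10.0.1.0/24:100'   # office LAN behind the firewall, as subnet/prefix:metric
$IfName       = 'Office-S2S'        # hypothetical interface name

# Prompt for the pre-shared key so it is not stored in the script file.
$Psk = Read-Host 'Pre-shared key for the tunnel'

# 1. Install the Remote Access role with its VPN and routing role services.
Install-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools

# 2. Configure RRAS for site-to-site VPN.
Install-RemoteAccess -VpnType VpnS2S

# 3. Create the site-to-site interface.
#    -Persistent makes RRAS bring the tunnel up itself (including after a reboot)
#    instead of waiting for traffic to trigger an on-demand dial-out.
#    -IPv4Subnet adds the route that sends office-bound traffic into the tunnel.
Add-VpnS2SInterface -Name $IfName `
    -Destination $PeerAddress `
    -Protocol IKEv2 `
    -AuthenticationMethod PSKOnly `
    -SharedSecret $Psk `
    -IPv4Subnet $OfficeSubnet `
    -Persistent

# 4. Review the resulting interface, including its connection state.
Get-VpnS2SInterface -Name $IfName | Format-List *
```

If the interface never reaches a connected state, the IKE and IPsec proposals on both ends are the first thing to compare, given the compatibility caveat raised earlier in the thread.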
