Solved

Securing a 2012 Hosted Dedicated Server with IPSEC & Watchguard

Posted on 2013-10-31
3
651 Views
Last Modified: 2013-11-06
Hello,
We have a client with a Watchguard firewall (XTM810) at two offices.  They use a branch office VPN via IPSec to connect to the other office.  They have now purchased a dedicated server running windows 2012 from a cloud ISP which appears to be sat directly on the internet.

How do we make this server appear on the internal network securely?

Is it possible for Server 2012 to have an IPSec tunnel setup that activates when the server is booted up creating a VPN with the Watchguard firewall?

I can see how to create the new connection via a dial on demand style connection but this wont be ideal as it needs to be always on without manually dialling the link if the server reboots for example.

Is there a way to set this up via a NPA server?

Any suggestions appreciated.

Thanks
0
Comment
Question by:cloughs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39615382
One of the options available in the GUI when defining the connection is to enable a "persistent" connection. This will basically cause the connection to dial immediate instead of waiting for a connection request that would trigger an on-demand dial-out.

Now with that said, the last time I worked with watchguard UTMs, their IPSec implementation was *not* compatible with Windows Server directly. So in that regard, you may need to set up a server on both ends of the connection. It is possible though that Watchguard finally addressed this in the latest versions of FireWare. But be prepared for that.

-Cliff
0
 
LVL 1

Author Comment

by:cloughs
ID: 39615392
Hi Cliff,
Are you talking via the Connect to a Network function or the NAP server route?

Thanks
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39615466
For site to site VPNs, you'd want to use the "routing and remote access" role. Technet has a ton of documentation on how to configure this role. Some of it hasn't been updated for 2012 yet, so dig into 2008 R2 as well. The setup is similar, as many of those settings haven't been pulled into server manager yet.
0

Featured Post

Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question