• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 674
  • Last Modified:

Securing a 2012 Hosted Dedicated Server with IPSEC & Watchguard

Hello,
We have a client with a Watchguard firewall (XTM810) at two offices.  They use a branch office VPN via IPSec to connect to the other office.  They have now purchased a dedicated server running windows 2012 from a cloud ISP which appears to be sat directly on the internet.

How do we make this server appear on the internal network securely?

Is it possible for Server 2012 to have an IPSec tunnel setup that activates when the server is booted up creating a VPN with the Watchguard firewall?

I can see how to create the new connection via a dial on demand style connection but this wont be ideal as it needs to be always on without manually dialling the link if the server reboots for example.

Is there a way to set this up via a NPA server?

Any suggestions appreciated.

Thanks
0
cloughs
Asked:
cloughs
  • 2
1 Solution
 
Cliff GaliherCommented:
One of the options available in the GUI when defining the connection is to enable a "persistent" connection. This will basically cause the connection to dial immediate instead of waiting for a connection request that would trigger an on-demand dial-out.

Now with that said, the last time I worked with watchguard UTMs, their IPSec implementation was *not* compatible with Windows Server directly. So in that regard, you may need to set up a server on both ends of the connection. It is possible though that Watchguard finally addressed this in the latest versions of FireWare. But be prepared for that.

-Cliff
0
 
cloughsAuthor Commented:
Hi Cliff,
Are you talking via the Connect to a Network function or the NAP server route?

Thanks
0
 
Cliff GaliherCommented:
For site to site VPNs, you'd want to use the "routing and remote access" role. Technet has a ton of documentation on how to configure this role. Some of it hasn't been updated for 2012 yet, so dig into 2008 R2 as well. The setup is similar, as many of those settings haven't been pulled into server manager yet.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now