
WatchGuard XTM515 static IP to XTMv dynamic IP BOVPN

XTMv is a small office virtual firewall running on Hyper-V. This server was taken out of a data center, where it had a public IP, and is now sitting behind a Comcast router with a dynamic IP. The branch office "everything" is using the Comcast business router for DHCP, so ideally I would like to get around changing anything that would affect the local network as it is. With that said, the local network is 10.1.10.0/24, and the XTMv still has the same external NIC, but configured with 10.1.10.74/24 so we can manage it. The XTMv's role is not to provide firewall services for this network but only for the VMs that reside within it/next to the XTMv. I was unable to get the tunnel up and running by simply changing the external/static IP that was in place to 10.1.10.74/24. The local network of the Hyper-V server and the VMs is 10.11.0.0/21, so I'm not sure if that is causing this. I put 10.1.10.74 in the DMZ without any luck and am just stumped about which way to go here.
Asked by: kjudd

Jon Snyderman commented:
This is a little confusing, but if I understand the situation, I am seeing two core problems. The first problem is that your "public" IP on the XTMv overlaps the private network. Unless you are running in drop-in mode, that will cause major problems with routing. The bigger issue is that IPSec VPNs will not work with private IPs as the end-points and don't like to be NATed through the Comcast "firewall". Usually, I would recommend putting the Comcast modem in bridge mode and connecting it to the firewall. Then the public IP of the Comcast gets passed through to the public IP of the firewall. But that won't work for you because of the rest of the network and trying to avoid any changes. One suggestion would be to put the rest of the network on a separate interface. So the result would be to have the Comcast modem on port 0 with the Comcast modem set to bridge mode, the virtual servers on port 1, and the rest of the network on port 2. Some minor subnetting would make this all work pretty seamlessly. Make sense, or did I miss something?

~Jon
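The two problems Jon's answer names, an "external" address that overlaps a private network the firewall also sees and an IPsec endpoint sitting on a NATed address, are both things you can check mechanically before touching the box. The script below is an added example written for this page; it is not code from the original post or from WatchGuard. It encodes the question's current addressing and the three-interface plan from the answer as two constructed plans and runs both checks over each. The interface names (eth0/eth1/eth2), the sample plans and 203.0.113.10/30 (an RFC 5737 documentation prefix used as a stand-in for whatever public address Comcast actually hands out in bridge mode) are all assumptions. It goes slightly beyond the post by also treating RFC 6598 carrier-grade NAT space (100.64.0.0/10) as NATed, since a cable ISP "dynamic IP" can land there too.

```python
"""Sanity-check a WatchGuard interface addressing plan for the two problems
named in the answer: subnet overlap between the "external" side and a
private network, and an IPsec endpoint that sits behind someone else's NAT.

Added example, not code from the original post or from WatchGuard. Interface
names, sample plans and the 203.0.113.10/30 placeholder are assumptions.
"""
import ipaddress

# Address space that is NATed before it reaches the Internet: RFC 1918 plus
# the RFC 6598 carrier-grade NAT range some cable ISPs assign to customers.
NATED_SPACE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("100.64.0.0/10"),
]


def is_nated(addr):
    """True if addr is in RFC 1918 or CGNAT space, i.e. behind a NAT."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NATED_SPACE)


def overlapping_pairs(plan):
    """Return (name_a, name_b) for every pair of plan entries whose subnets overlap.

    plan maps a name to an interface address in CIDR form ("10.1.10.74/24") or
    a bare network ("10.1.10.0/24") for a segment the firewall only sees from
    outside, such as the ISP router's LAN.
    """
    nets = [(name, ipaddress.ip_interface(cidr).network) for name, cidr in plan.items()]
    pairs = []
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                pairs.append((name_a, name_b))
    return pairs


def check_plan(plan, external, drop_in=False):
    """Return a list of problem strings; an empty list means both checks pass."""
    problems = []
    if not drop_in:  # drop-in mode deliberately shares one subnet across interfaces
        for a, b in overlapping_pairs(plan):
            problems.append(f"{a} ({plan[a]}) overlaps {b} ({plan[b]})")
    ext_ip = ipaddress.ip_interface(plan[external]).ip
    if is_nated(str(ext_ip)):
        problems.append(
            f"{external} endpoint {ext_ip} is in NATed space; "
            "the remote IPsec peer will see the ISP router's address, not this one"
        )
    return problems


# Constructed plan reproducing the question: the old external interface
# re-addressed into the Comcast LAN, the VMs behind the XTMv on 10.11.0.0/21,
# and the Comcast router's own LAN sitting alongside.
CURRENT = {
    "eth0 external": "10.1.10.74/24",
    "eth1 trusted (VMs)": "10.11.0.1/21",
    "Comcast router LAN": "10.1.10.0/24",
}

# Constructed plan following the answer: modem in bridge mode so the public
# address lands on eth0 (203.0.113.10/30 is a placeholder, not a real
# assignment), VMs on eth1, the rest of the office moved behind eth2.
PROPOSED = {
    "eth0 external": "203.0.113.10/30",
    "eth1 trusted (VMs)": "10.11.0.1/21",
    "eth2 optional (office)": "10.1.10.1/24",
}


def main():
    for label, plan in (("current", CURRENT), ("proposed", PROPOSED)):
        problems = check_plan(plan, external="eth0 external")
        status = "OK" if not problems else f"{len(problems)} problem(s)"
        print(f"{label}: {status}")
        for p in problems:
            print("  -", p)


if __name__ == "__main__":
    main()
```

Running it reports two problems for the current layout (eth0 overlaps the Comcast LAN, and 10.1.10.74 is a NATed endpoint) and none for the proposed one. Note that the overlap check is only skipped with `drop_in=True`, matching the one case the answer carves out; the endpoint check is never skipped, because bridge mode is what actually fixes it.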