Solved

Watchguard XTM515 STATIC IP to XTMv DYNAMIC IP BOVPN

Posted on 2013-12-20
Last Modified: 2014-01-04
XTMv is a small office virtual firewall running on Hyper-V. This server was taken out of a data center where it had a public IP and is now sitting behind a Comcast router with a dynamic IP. The branch office "everything" is using the Comcast business router for DHCP, so ideally I would like to avoid changing anything that would affect the local network as it is. With that said, the local network is 10.1.10.0/24 and the XTMv still has the same external NIC, but configured with 10.1.10.74/24 so we can manage it. The XTMv's role is not to provide firewall services for this network, but only for the VMs that reside within it/next to the XTMv. I am unable to get the tunnel up and running by simply changing the external/static IP that was in place to 10.1.10.74/24. The local network of the Hyper-V server and the VMs is 10.11.0.0/21, so I am not sure if that is causing this. I put 10.1.10.74 in the DMZ without any luck and am just stumped about which way to go here.
Question by: kjudd
Accepted Solution

by: Jon Snyderman (earned 500 total points)

This is a little confusing, but if I understand the situation, I am seeing two core problems. The first problem is that your "public" IP on the XTMv overlaps the private network. Unless you are running in drop-in mode, that will cause major problems with routing. The bigger issue is that IPsec VPNs will not work with private IPs as the endpoints and don't like to be NATed through the Comcast "firewall". Usually, I would recommend putting the Comcast modem in bridge mode and connecting it to the firewall. Then the public IP of the Comcast gets passed through to the public IP of the firewall. But that won't work for you because of the rest of the network and trying to avoid any changes. One suggestion would be to put the rest of the network on a separate interface. So the result would be to have the Comcast modem on port 0 with the Comcast modem set to bridge mode, the virtual servers on port 1, and the rest of the network on port 2. Some minor subnetting would make this all work pretty seamlessly. Make sense, or did I miss something?

~Jon
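The two problems the accepted answer identifies, an external address that overlaps a private LAN and a BOVPN endpoint that is itself an RFC 1918 address, can be checked mechanically before touching the firewall. The script below is an example added to this thread; it is not configuration exported from the XTMv or anything from WatchGuard. It checks the layout as posted in the question against the three-interface layout the answer proposes. The 10.1.10.0/24 and 10.11.0.0/21 networks come from the thread; the gateway addresses ending in .1, the interface names and roles, and the public address 203.0.113.10/30 (a documentation-range placeholder for whatever the bridged Comcast modem would hand the firewall) are assumptions.

```python
"""Sanity-check an interface plan for overlapping subnets and for an IPsec
endpoint sitting on a private (NATed) address.

Example added to the thread; addresses other than 10.1.10.0/24 and
10.11.0.0/21 are assumed placeholders, not values from the question.
"""
import ipaddress
from itertools import combinations

# RFC 1918 ranges: an IPsec endpoint addressed from one of these is behind NAT,
# which is the situation the answer says the tunnel will not come up in.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_problems(segments):
    """segments: dict name -> (role, 'addr/prefix') covering every network the
    XTMv touches, including the upstream LAN it sits in.
    Returns a list of problem strings; an empty list means the plan is clean."""
    nets = {name: ipaddress.ip_interface(addr) for name, (_role, addr) in segments.items()}
    problems = []

    # Problem 1: two segments on the same or overlapping subnet. Without drop-in
    # mode the firewall cannot tell which interface a 10.1.10.x host is behind.
    for (a, ia), (b, ib) in combinations(nets.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"overlap: {a} ({ia.network}) and {b} ({ib.network})")

    # Problem 2: the external interface (the BOVPN endpoint) holds a private
    # address, so the remote peer sees a NATed source rather than a routable IP.
    for name, (role, _addr) in segments.items():
        if role == "external" and any(nets[name].ip in r for r in RFC1918):
            problems.append(f"private endpoint: {name} has RFC 1918 address {nets[name].ip}")
    return problems


# Layout as posted in the question: the external NIC re-addressed into the
# 10.1.10.0/24 branch LAN that the Comcast router already serves.
# (.1 gateway addresses are assumed; the question does not give them.)
AS_POSTED = {
    "eth0 external": ("external", "10.1.10.74/24"),
    "eth1 vm-lan":   ("trusted",  "10.11.0.1/21"),
    "comcast lan":   ("upstream", "10.1.10.1/24"),
}

# Layout from the answer: Comcast modem bridged to port 0, VMs on port 1,
# rest of the branch network on port 2. 203.0.113.10/30 is an assumed
# placeholder for the public address the bridged modem would hand the firewall.
PROPOSED = {
    "eth0 external": ("external", "203.0.113.10/30"),
    "eth1 vm-lan":   ("trusted",  "10.11.0.1/21"),
    "eth2 branch":   ("optional", "10.1.10.1/24"),
}

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("proposed", PROPOSED)):
        print(label, find_problems(plan) or ["ok"])
```

Run as-is, the posted layout reports both an overlap between the external interface and the Comcast LAN and a private address on the tunnel endpoint; the proposed layout reports nothing, which is the point of moving the branch LAN onto its own interface and letting the bridged modem deliver the public address to port 0.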