Solved

Watchguard XTM515 STATIC IP to XTMv DYNAMIC IP BOVPN

Posted on 2013-12-20
Last Modified: 2014-01-04
XTMv is a small office virtual firewall running on Hyper-V. This server was taken out of a data center where it had a public IP and now is sitting behind a Comcast router with a dynamic IP. The branch office "everything" is using the Comcast business router for DHCP so ideally would like to just get around changing anything that would affect the local network as it is. With that said, the local network is 10.1.10.0/24 and the XTMv still has the same external NIC but configured with 10.1.10.74/24 so we can manage it. The XTMv's role is not to provide firewall services for this network but only for the VMs that reside within it/next to the XTMv. Unable to get the tunnel up and running by simply changing the external/static IP that was in place to the 10.1.10.74/24. The local network of the Hyper-V server and the VMs are 10.11.0.0/21 so not sure if that is causing this. I put 10.1.10.74 in the DMZ without any luck and just stumped about which way to go here.
Question by:kjudd
Accepted Solution

by:
Jon Snyderman earned 500 total points
ID: 39733179
This is a little confusing but if I understand the situation, I am seeing two core problems. First problem is that your "public" IP on the XTMv overlaps the private network. Unless you are running in drop-in mode, that will cause major problems with routing. The bigger issue is that IPSec VPNs will not work with private IPs as the end-points and don't like to be NATed through the Comcast "firewall". Usually, I would recommend putting the Comcast modem in bridge mode and connecting to the firewall. Then the public IP of the Comcast gets passed through to the public IP of the firewall. But that won't work for you because of the rest of the network and trying to avoid any changes. One suggestion would be to put the rest of the network on a separate interface. So the result would be to have the Comcast modem on port 0 with the Comcast modem set to bridge mode, the virtual servers on port 1 and the rest of the network on port 2. Some minor subnetting would make this all work pretty seamlessly. Make sense or did I miss something?

~Jon
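
An added example, not part of the original thread and not WatchGuard tooling: a Python check of an interface plan for the two problems the accepted answer names, an external address in private space and an external subnet shared with a network behind the firewall. The addresses 10.1.10.74/24, 10.1.10.0/24 and 10.11.0.0/21 come from the question; the function name, the interface labels and the 203.0.113.10/30 public address are assumptions.

```python
import ipaddress

# RFC 1918 ranges checked explicitly: ipaddress's is_private also flags
# documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_plan(external_if, internal_nets):
    """Return sorted finding strings for one firewall's interface plan.

    external_if   -- external interface as "address/prefix"
    internal_nets -- dict of label -> CIDR for networks behind the firewall
    """
    ext = ipaddress.ip_interface(external_if)
    nets = {name: ipaddress.ip_network(cidr)
            for name, cidr in internal_nets.items()}
    findings = []

    # A private external address means another device NATs in front of
    # the firewall, the situation the answer says the tunnel does not like.
    if any(ext.ip in block for block in RFC1918):
        findings.append(f"external-private: {ext.ip}")

    # External subnet shared with an internal interface: routing conflict.
    for name, net in nets.items():
        if ext.network.overlaps(net):
            findings.append(f"external-overlap: {ext.network} vs {name} {net}")

    # Internal interfaces must not overlap each other either.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(
                    f"internal-overlap: {a} {nets[a]} vs {b} {nets[b]}")
    return sorted(findings)


# Addresses from the question; 203.0.113.10/30 is a constructed placeholder
# for the public address a bridged modem would hand to the firewall.
CURRENT = audit_plan("10.1.10.74/24", {"vms": "10.11.0.0/21"})
HALF_DONE = audit_plan("10.1.10.74/24",
                       {"vms": "10.11.0.0/21", "office": "10.1.10.0/24"})
PROPOSED = audit_plan("203.0.113.10/30",
                      {"vms": "10.11.0.0/21", "office": "10.1.10.0/24"})
```

The 10.11.0.0/21 VM network the question asks about does not collide with 10.1.10.0/24; the overlap finding only appears if the office LAN is moved behind the firewall while the external interface keeps its 10.1.10.74/24 address.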