Solved

Watchguard XTM515 STATIC IP to XTMv DYNAMIC IP BOVPN

Posted on 2013-12-20
Last Modified: 2014-01-04
XTMv is a small office virtual firewall running on Hyper-V. This server was taken out of a data center where it had a public IP and now is sitting behind a Comcast router with a dynamic IP. The branch office "everything" is using the Comcast business router for DHCP so ideally would like to just get around changing anything that would affect the local network as it is. With that said, the local network is 10.1.10.0/24 and the XTMv still has the same external NIC but configured with 10.1.10.74/24 so we can manage it. The XTMv's role is not to provide firewall services for this network but only for the VMs that reside within it/next to the XTMv. Unable to get the tunnel up and running by simply changing the external/static IP that was in place to the 10.1.10.74/24. The local network of the Hyper-V server and the VMs are 10.11.0.0/21 so not sure if that is causing this. I put 10.1.10.74 in the DMZ without any luck and just stumped about which way to go here.
Question by:kjudd
Accepted Solution

by:
Jon Snyderman earned 2000 total points
ID: 39733179
This is a little confusing but if I understand the situation, I am seeing two core problems. First problem is that your "public" IP on the XTMv overlaps the private network. Unless you are running in drop-in mode, that will cause major problems with routing. The bigger issue is that IPSec VPNs will not work with private IPs as the end-points and don't like to be NATed through the Comcast "firewall". Usually, I would recommend putting the Comcast modem in bridge mode and connecting to the firewall. Then the public IP of the Comcast gets passed through to the public IP of the firewall. But that won't work for you because of the rest of the network and trying to avoid any changes. One suggestion would be to put the rest of the network on a separate interface. So the result would be to have the Comcast modem on port 0 with the Comcast modem set to bridge mode, the virtual servers on port 1 and the rest of the network on port 2. Some minor subnetting would make this all work pretty seamlessly. Make sense or did I miss something?

~Jon
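
The two conditions named in the accepted answer (a non-public address on the external interface, and that interface's subnet overlapping a private network at the site) can be checked mechanically before the tunnel is built. The Python sketch below is an added example, not part of the original thread and not WatchGuard tooling; the function name `preflight` and the network labels are assumptions, and the addresses are the ones given in the question.

```python
import ipaddress

# Addresses taken from the question above; the labels are illustrative.
EXTERNAL_IF = "10.1.10.74/24"            # XTMv external interface
SITE_NETS = {
    "branch LAN": "10.1.10.0/24",        # served by the Comcast router's DHCP
    "Hyper-V/VM network": "10.11.0.0/21",
}

def preflight(external_if, site_nets):
    """Return (kind, detail) findings for one VPN endpoint's addressing plan."""
    findings = []
    ext = ipaddress.ip_interface(external_if)

    # A non-global address on the external interface means an upstream device
    # is translating it, so the IPsec peer never sees this address directly.
    if not ext.ip.is_global:
        findings.append(("nat", f"external address {ext.ip} is not publicly "
                                "routable; the endpoint sits behind NAT"))

    # The external subnet should not overlap a private network at the site
    # (the first problem the answer names).
    for label, cidr in site_nets.items():
        net = ipaddress.ip_network(cidr)
        if net.overlaps(ext.network):
            findings.append(("overlap", f"external subnet {ext.network} "
                                        f"overlaps {label} ({net})"))
    return findings

if __name__ == "__main__":
    for kind, detail in preflight(EXTERNAL_IF, SITE_NETS):
        print(f"[{kind}] {detail}")
```

With the question's values it reports the NAT condition and the overlap with the branch LAN; 10.11.0.0/21 is not flagged because it does not intersect 10.1.10.0/24.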
Question has a verified solution.
