Configuring BOVPN and directing traffic between two Watchguard Devices

I have a T70 device I'd like to connect up via BOVPN with an XTM2 device (with wireless) at a home office location. In front of the XTM2 I will have an AT&T uverse router in bridged mode.

I'd like all of the data from one port on the XTM2 to go back and forth over the BOVPN. I'd like all of the wireless traffic to travel out to the internet.

Can someone please tell me if this is possible and point me in the right direction for accomplishing this? I've set up BOVPNs between two devices before, but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.

Tom F (I.T. and Support Staff Manager) asked:
N. Spears (Sr. Net. Eng.) commented:

Is your home office wired and wireless traffic on the same subnet? I assume if you are trying to use a certain port on the Watchguard for VPN traffic, it must be the gateway for a separate subnet. That said, I assume Watchguard does routed VPN. If so, you'd just route to the remote subnet over the created VPN interface. The firewall rule over the VPN would only allow the source from the subnet attached to the one port on the Watchguard and not the subnet for the wireless.

If wireless is on the same subnet as the one port, I don't see how you would filter or prevent wireless devices from using the VPN.

Tom F (I.T. and Support Staff Manager, author) commented:

Right now everything is on the same subnet. Currently the uVerse router is dishing out wired and wireless access to the home.

I'm looking to set up a PC and VoIP phone to communicate over the VPN and want everything else going out to the WAN.

N. Spears (Sr. Net. Eng.) commented:

Yeah, so basically you will need a separate subnet for the PC and VoIP that you want to traverse the VPN, or worst case, only allow their IP addresses over the tunnel. Routing should be standard: a default route out to your internet, and VPN networks over the tunnel interface on the firewall.

Jeremy Weisinger (Senior Network Consultant / Engineer) commented:

On Watchguard BOVPN, the routing is determined in the Phase 2 (tunnel) settings when you specify the remote and local resources.

You can modify the rule to only allow the IP addresses you specify over the tunnel. You could also move the wireless from the bridged connection to its own interface so that it would be on a separate subnet. But I think the least amount of work for you would be to put in some DHCP reservations on the XTM2 device and then only allow those specific IP addresses by modifying the rule on the T70. (There are tons of ways to accomplish the same thing.)
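To make the difference between the two answers concrete, here is an added model (not code from the thread or from WatchGuard) of the decision the home-office firewall makes per packet: the Phase 2 local/remote resources decide whether a packet is a tunnel candidate at all, and the BOVPN policy's source list then decides whether it is allowed through. All addresses and the two policy variants are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumption, not from the thread): the home-office
# LAN behind the XTM2, the office LAN behind the T70, and the two hosts that get
# DHCP reservations so they can be named in the BOVPN policy.
HOME_LAN = ip_network("192.168.10.0/24")    # Phase 2 local resource on the XTM2
OFFICE_LAN = ip_network("10.20.0.0/24")     # Phase 2 remote resource (T70 side)
PC = "192.168.10.50"                        # DHCP reservation
VOIP_PHONE = "192.168.10.51"                # DHCP reservation
LAPTOP_WIFI = "192.168.10.120"              # wireless home user, no reservation

# Two versions of the BOVPN policy's "From" list.
OPEN_POLICY = [HOME_LAN]                                  # whole LAN may use the tunnel
RESTRICTED_POLICY = [ip_network(PC + "/32"),
                     ip_network(VOIP_PHONE + "/32")]      # only the reserved hosts


def route_packet(src, dst, policy_sources):
    """Simplified model of the firewall's decision for one packet.

    Returns 'tunnel', 'wan' or 'dropped'. A packet whose source/destination
    match the Phase 2 selectors is a tunnel candidate; if no policy source
    matches it, it is denied rather than sent out the WAN. Anything outside
    the selectors follows the default route to the internet.
    """
    src, dst = ip_address(src), ip_address(dst)
    if src in HOME_LAN and dst in OFFICE_LAN:
        allowed = any(src in net for net in policy_sources)
        return "tunnel" if allowed else "dropped"
    return "wan"


def compare_policies():
    """Evaluate the flows the thread cares about under both policies."""
    flows = {
        "pc->office": (PC, "10.20.0.10"),
        "phone->office": (VOIP_PHONE, "10.20.0.20"),
        "wifi->office": (LAPTOP_WIFI, "10.20.0.10"),
        "wifi->internet": (LAPTOP_WIFI, "203.0.113.5"),
    }
    return {name: {"open": route_packet(s, d, OPEN_POLICY),
                   "restricted": route_packet(s, d, RESTRICTED_POLICY)}
            for name, (s, d) in flows.items()}


if __name__ == "__main__":
    for flow, result in compare_policies().items():
        print(f"{flow:15} open={result['open']:8} restricted={result['restricted']}")
```

Note that the wireless laptop's internet traffic takes the WAN under either policy; what the restricted policy changes is that the laptop can no longer reach the office LAN through the tunnel.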