Tom F (asker)
Configuring BOVPN and directing traffic between two Watchguard Devices

I have a T70 device I'd like to connect up via BOVPN with an XTM2 device (with wireless) at a home office location. In front of the XTM2 I will have an AT&T uverse router in bridged mode.

I'd like all of the data from one port on the XTM2 to go back and forth over the BOVPN. I'd like all of the wireless traffic to travel out to the internet.

Can someone please tell me if this is possible and point me in the right direction for accomplishing this? I've set up BOVPNs between two devices before, but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.
ASKER CERTIFIED SOLUTION
Soulja
Tom F (ASKER)

Right now everything is on the same subnet. Currently the uVerse router is dishing out wired and wireless access to the home.

I'm looking to set up a PC and VoIP phone to communicate over the VPN and want everything else going out to the WAN.

Soulja

Yeah, so basically you will need a separate subnet for the PC and VoIP that you want to traverse the VPN, or worst case, only allow their IP addresses over the tunnel. Routing should be standard: a default route out to your internet, and VPN networks over the tunnel interface on the firewall.
Jeremy Weisinger

On Watchguard BOVPN, the routing is determined in the Phase 2 (tunnel) settings when you specify the remote and local resources.

You can modify the BOVPN.in rule to only allow the IP addresses you specify over the tunnel. You could also move the wireless from the bridged connection to its own interface so that it would be on a separate subnet. But I think the least amount of work for you would be to put in some DHCP reservations on the XTM2 device and then only allow those specific IP addresses by modifying the BOVPN.in rule on the T70. (There are many ways to accomplish the same thing.)
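To make the two approaches in the answers above concrete, here is an added model (written for this page, not WatchGuard code or anything from the thread) of how the XTM2's Phase 2 tunnel routes and the T70's BOVPN.in policy together decide where a packet goes. All addresses, the route list, and the allow list are constructed assumptions; "Option A" is the single-subnet-plus-DHCP-reservations approach, "Option B" is the separate-subnet approach. The point it shows that the prose does not: under Option A, wireless hosts' traffic toward the main office is still encapsulated and only dropped at the T70, while under Option B it never enters the tunnel at all. Internet-bound wireless traffic goes out the WAN either way.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class TunnelRoute:
    """One Phase 2 tunnel route on the XTM2: local resource <-> remote resource."""
    local: Net
    remote: Net


@dataclass
class Config:
    routes: List[TunnelRoute]          # Phase 2 selectors configured on the XTM2
    bovpn_in: Optional[Set[Addr]]      # sources the T70's BOVPN.in policy allows (None = any)


def egress(cfg: Config, src: str, dst: str) -> str:
    """Routing decision on the XTM2: 'tunnel' if (src, dst) matches a Phase 2 selector, else 'wan'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in cfg.routes:
        if s in r.local and d in r.remote:
            return "tunnel"
    return "wan"


def t70_accepts(cfg: Config, src: str) -> bool:
    """Policy decision on the T70: BOVPN.in restricted to an allow list of source addresses."""
    return cfg.bovpn_in is None or ipaddress.ip_address(src) in cfg.bovpn_in


def forward(cfg: Config, src: str, dst: str) -> str:
    """End-to-end outcome for one packet leaving the home office."""
    if egress(cfg, src, dst) == "wan":
        return "wan"
    return "tunnel" if t70_accepts(cfg, src) else "dropped-by-BOVPN.in"


def hosts_that_can_enter_tunnel(cfg: Config, subnet: Net) -> List[str]:
    """Hosts in `subnet` whose traffic to the main office would be encapsulated by the XTM2."""
    probe = str(MAIN_OFFICE[1])  # any address inside the remote resource
    return [str(h) for h in subnet.hosts() if egress(cfg, str(h), probe) == "tunnel"]


# --- Constructed addressing (assumptions, not from the thread) ---------------------
MAIN_OFFICE = Net("10.0.0.0/24")      # LAN behind the T70
HOME_LAN = Net("192.168.1.0/24")      # single wired+wireless subnet behind the XTM2
PC, PHONE, LAPTOP = "192.168.1.50", "192.168.1.51", "192.168.1.120"  # LAPTOP is a wireless home user

# Option A: one shared subnet; DHCP reservations for PC and phone; BOVPN.in on the T70 limited to them.
OPTION_A = Config(routes=[TunnelRoute(HOME_LAN, MAIN_OFFICE)],
                  bovpn_in={Addr(PC), Addr(PHONE)})

# Option B: PC and phone moved to their own interface/subnet, which is the only local resource.
VPN_LAN = Net("192.168.2.0/24")
PC_B, PHONE_B = "192.168.2.10", "192.168.2.11"
OPTION_B = Config(routes=[TunnelRoute(VPN_LAN, MAIN_OFFICE)], bovpn_in=None)


if __name__ == "__main__":
    for name, cfg, src in (("A", OPTION_A, LAPTOP), ("B", OPTION_B, LAPTOP)):
        print(f"Option {name}: wireless host -> main office: {forward(cfg, src, '10.0.0.20')}")
        print(f"Option {name}: wireless host -> internet:    {forward(cfg, src, '93.184.216.34')}")
        print(f"Option {name}: hosts in {HOME_LAN} that get encapsulated: "
              f"{len(hosts_that_can_enter_tunnel(cfg, HOME_LAN))}")
```

Running the block prints the outcomes for a wireless host under both options; the `hosts_that_can_enter_tunnel` count is the quick check for whether the wireless subnet can still reach the tunnel at all, which is what you want to confirm after either change.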