Ed Shnatter

asked on

Setting up a WatchGuard T35 VPN to a Windows 10 PC.

Sorry for such a noob question.  We have a WatchGuard T35.  Right now it has a branch-to-branch VPN set up to another WatchGuard.

It also has the capability to make a VPN to a specific computer that's on the road, right?  What app(s) can be installed on the Windows 10 computer that can do that?

Preferably free.  Does WatchGuard include software to do that?  Is there a standard the software needs to meet (does WatchGuard have their own proprietary way of talking to endpoints, or does any VPN software work)?

THANKS!
Tyler Brooks

You can use the WatchGuard Mobile SSL VPN client, which is free, but you can also set up an IKEv2 VPN that uses Windows' built-in functionality. It's higher performance and supposedly more secure. The downside is that it can't integrate with AD, if that's an issue for you (it does support RADIUS, however).

I've used both and prefer the IKEv2 option but you have to be able to live without the Active Directory integration.
Ed Shnatter

ASKER

Thanks!  I found that page you mention Kaenza after posting here.

So in testing things, I connected a win 10 PC at my house to the office network's watchguard.

But a problem.... my network at home is 192.168.1.0.  The office network is 192.168.1.0.

I know on a VPN, the 2 locations need different subnets.  I DID get a 192.168.4.0 IP address for the VPN. But I have the house 192.168.1.0 subnet also.

Do I have to change the subnet at my house to be different from the office subnet?   Or how do I tell Windows to route certain things via the 192.168.4.0 network to 192.168.1.0?

What I need to do is get to the server (192.168.1.5) file shares over the VPN.  All other traffic can go through the normal house gateway.

And looking at the IKE VPN, it shows my IP as 192.168.4.1, and the subnet mask is 255.255.255.255.  Usually that last octet is 0 or something else, but I haven't ever seen all 255s.  That's OK?  And it shows the default gateway as 0.0.0.0.

Is it that my house subnet is the same as the office that I can't ping the server or even the firewall?  Or is the IKE not set up correctly?  It DOES show I am connected and I do have the IP in the range I set at the office server.  So it seems the connection was made, but I can't test / do anything beyond that to confirm things.  Actually, remoting into the server using LogMeIn, I don't get replies when I ping 192.168.4.1 from the server.

And if I try to access file shares on my home PC, using Windows Explorer, typing \\192.168.4.1, I'd expect to be prompted for a username / password, but it says it can't connect.

So if you are going to change the subnet go for your home subnet and have it on 192.168.9.* or something.

If there are IP Conflicts then you will not be able to access the servers so try changing the IP Range on your router first.

Also you would need to use the IP of the server in the office rather than the 192.168.4.1 IP Address :)

Kenza

Kenza - thanks for the reply.  I started writing this but then did some things farther down with the route command.

Some questions:

Your first line - IF you are going to change.....

That sounds like I have a choice?!  That I don't HAVE TO change one of the subnets?  

office is 192.168.1.0
home is 192.168.1.0
The IP my computer got from the VPN is 192.168.4.1

On this watchguard, I have set up a branch to branch VPN.  and each branch has a different subnet than the office.  I understand the need for that.  

But maybe a bit of a learning curve for me here / another way to do this rather than change the home subnet:  Is there a way to tell the PC that when I want to access the server which is in the office on 192.168.1.5, use the VPN.  All other traffic, use the NIC / home 192.168.1.0 subnet?

And the last line - 'you would need to use the IP of the server in the office...' What do you mean by 'use the IP'?  In File Explorer, I'd like to be able to type \\192.168.1.5 and see the shares on the server.

Do I have to change the subnet at the house or can I get away with some routing command?

--
So I found this page:

https://www.howtogeek.com/howto/windows/adding-a-tcpip-route-to-the-windows-routing-table/

I ran the command route add 192.168.1.5 mask 255.255.255.255 192.168.4.2

and got OK! and then route print showed that was in the table.

(For some reason, I reconnected with the VPN and got the .2 IP address now.)

But pinging 192.168.1.5, the server, didn't get replies,

and in File Explorer, typing \\192.168.1.5 didn't get me prompted for domain credentials to log in.

thoughts?
ASKER CERTIFIED SOLUTION
Kenza Cohen
This solution is only available to members.
Thanks... interesting. I used Advanced IP Scanner to see what devices are on the home network / what static devices I set up....  Happened to do that on the machine that had the VPN connection that was connected.

I saw machines on my network.... and at least some on the office network : )

Yes, but you would have IP conflicts, so best to set up a different subnet.
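
The route selection behind the subnet conflict discussed in this thread, as an added example that is not part of any post: a small longest-prefix-match model showing which interface a client picks for the office server at 192.168.1.5 when the home LAN is identical to the office LAN, after a /32 host route is added, and after the home LAN is renumbered to 192.168.9.0/24. The interface names, metrics and the office-LAN route over the VPN are assumptions, and the tables are constructed from the thread's addresses rather than captured from a real machine.

```python
import ipaddress

def overlaps(net_a, net_b):
    """True when two subnets share addresses, as the home and office LANs do here."""
    return ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b))

def select_route(table, dest):
    """Pick a route the way an IP stack does: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen, -r["metric"]))

def route(prefix, iface, metric):
    return {"prefix": prefix, "iface": iface, "metric": metric}

# Constructed tables using the thread's addresses; interface names and metrics are made up.
OFFICE_LAN, SERVER = "192.168.1.0/24", "192.168.1.5"

# Home LAN identical to the office LAN; the VPN address has a 255.255.255.255 mask.
same_subnet = [
    route("0.0.0.0/0", "home-nic", 25),
    route("192.168.1.0/24", "home-nic", 25),   # on-link home LAN
    route("192.168.4.2/32", "vpn", 25),        # VPN-assigned address only
]

# Same table plus a /32 host route for the server, pointed at the VPN interface.
with_host_route = same_subnet + [route("192.168.1.5/32", "vpn", 25)]

# Home renumbered to 192.168.9.0/24, with the office LAN routed over the VPN
# (assumed: added manually or pushed by the VPN profile).
renumbered = [
    route("0.0.0.0/0", "home-nic", 25),
    route("192.168.9.0/24", "home-nic", 25),
    route("192.168.4.2/32", "vpn", 25),
    route(OFFICE_LAN, "vpn", 25),
]

def summary():
    """Interface chosen for the office server under each table."""
    return {
        "same_subnet": select_route(same_subnet, SERVER)["iface"],
        "with_host_route": select_route(with_host_route, SERVER)["iface"],
        "renumbered": select_route(renumbered, SERVER)["iface"],
    }

if __name__ == "__main__":
    print("home/office overlap:", overlaps("192.168.1.0/24", OFFICE_LAN))
    print(summary())
```

The model covers only the client's route choice; whether the firewall forwards the traffic and whether the server can route replies back to the VPN address is outside it. With the host route, only 192.168.1.5 leaves via the VPN, and a home device using that same address would no longer be reachable from the PC.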