Configuring a WatchGuard SOHO to SOHO IPSec Tunnel
Configuring a WatchGuard SOHO to SOHO IPSec Tunnel Configuring a WatchGuard SOHO to SOHO IPSec Tunnel
Frequently Asked QuestionsWhy do I need a static public address?To create a connection, one SOHO must be able to find its partner device. If theaddresses were allowed to change, the SOHO could not find its remote computer.How do I get a static public IP address?Contact your ISP. Some systems, like many cable modem systems, use dynamicallyassigned (DHCP) addresses to simplify basic installations. Some providers may alsouse this feature to discourage users from creating Web servers. These providersusually offer a static IP Address option.How do I connect three or four offices together?To connect more than two offices together, WatchGuard recommends designating oneoffice to be the center of a star network configuration and upgrading it to aWatchGuard Firebox II, or Firebox II FastVPN. You can then manage multiple tunnelsto SOHOs or other IPSec compliant devices from the central Firebox. In addition, theVPN Manager 2.0 add-on allows quick and easy creation and management ofmultiple tunnels.How do I troubleshoot the connection?Use the ping method described above. If you can ping the remote SOHO andcomputers behind it, your VPN tunnel is up and running. Any remaining problemsprobably reside with MS Networking or an application used.When I ping, I am not receiving a reply from the SOHO.If you cannot ping the remote SOHO, take the following steps to identify the problem:1 Ping the public address of the remote SOHO.Following our example, from Site A, ping 108.200.23.101 (Site B). You should get a reply. Ifnot, verify the Public Network Settings of Site B. If they are correct, verify that computers atSite B can access the internet. If you are still having trouble, contact your ISP.2 Once you can ping the public address of each SOHO, try pinging the privateaddress.From Site A, ping 10.10.10.20. If the tunnel is up, you should get a reply from the remoteSOHO. If not, re-check the Local Settings page. Make sure that the local DHCP addressesranges do not overlap. That is, be certain that the internal networks are different.Glossary of TermsDES – Data Encryption SchemeA cryptographic mechanism used to encrypt data before placing it in the Internetsystem. Once the data is encrypted, it is safer to transport via the public Internetsystem. Without encryption, the data may be easily read by any computer along itsroute.TunnelA tunnel is used to route traffic between two networks. Creating a tunnel betweentwo SOHOs can join the two local networks, with each maintaining different privateaddresses.6 WatchGuard SOHO with VPN Manager 2.1
Glossary of TermsVPN – Virtual Private NetworkVPN consists of several technologies to allow two or more networks in differentlocations to be joined over the Internet. The first, tunneling technology, allows trafficon one network which is destined for the other to be routed to it via the Internet. Thesecond, cryptography technology, assures that intermediaries along the publicInternet route cannot read and/or alter messages flowing between locations.Copyright and Patent InformationCopyright© 1998 - 2001 WatchGuard Technologies, Inc. All rights reserved.WatchGuard, Firebox, and LiveSecurity are either a trademark or registered trademark of WatchGuard Technologies, Inc. inthe United States and other countries. This product is covered by one or more pending patent applications.DocVer B-2.3.x-SOHO to SOHO-1IPSec Tunnel Configuration 7
- Page 1 and 2: Configuring a WatchGuard SOHO toSOH
- Page 3 and 4: Configuring the WatchGuard SOHO for
- Page 5: Verifying the Tunnelserver on a com
Glossary of TermsVPN – Virtual Private NetworkVPN consists of several technologies <strong>to</strong> allow two or more networks in differentlocations <strong>to</strong> be joined over the Internet. The first, tunneling technology, allows trafficon one network which is destined for the other <strong>to</strong> be routed <strong>to</strong> it via the Internet. Thesecond, cryp<strong>to</strong>graphy technology, assures that intermediaries along the publicInternet route cannot read and/or alter messages flowing between locations.Copyright and Patent InformationCopyright© 1998 - 2001 <strong>WatchGuard</strong> Technologies, Inc. All rights reserved.<strong>WatchGuard</strong>, Firebox, and LiveSecurity are either a trademark or registered trademark of <strong>WatchGuard</strong> Technologies, Inc. inthe United States and other countries. This product is covered by one or more pending patent applications.DocVer B-2.3.x-<strong>SOHO</strong> <strong>to</strong> <strong>SOHO</strong>-1<strong>IPSec</strong> <strong>Tunnel</strong> Configuration 7
Change language