13.07.2015 Views

Fireware “How To” - WatchGuard Technologies


Configuring the VPN Endpoint - Company A

Local Settings, ID Type: 95.1.1.1
Pre-shared key: Sh4redK3y*
*Must be same on both VPN endpoints

Caution
In this example, we keep the default Phase 1 Settings. For more information about any of the fields in the New Gateway dialog box, see http://www.watchguard.com/support/Fireware_HowTo/HowTo_ManualBOVPN.

5 Click OK to return to the New Tunnel dialog box.


6 Click Advanced. Clear all check boxes. Click OK.
If you do not change these Phase 2 Advanced Settings, your BOVPN tunnel will not negotiate correctly. Without this change, the second VPN endpoint will look for Firebox A’s trusted network instead of Firebox A’s external interface after you enable dynamic NAT.

7 Click Add to add a tunnel policy.

8 In this example, we create a one-way tunnel policy from the trusted network of Company A to the trusted network of Company B. To do this, type these values:
Local: 10.1.1.0/24
Remote: 192.168.0.0/24

9 Use the Direction drop-down list to select -->. Then, select the DNAT checkbox.

10 Click OK. Save these changes to the Firebox at Company A.


Configuring the VPN Endpoint - Company B

Now that the Firebox at Company A is configured as a VPN endpoint, you must configure the Firebox at Company B as a VPN endpoint to complete the BOVPN tunnel between the two devices.

1 From Firebox B Policy Manager, select VPN > Branch Office Tunnels. Select Add to add a new BOVPN tunnel.
The New Tunnel dialog box appears.

2 Give the BOVPN tunnel a name. For this example, use AccessToCompanyBserver.

3 Select the New Phase 2 Proposal icon, as shown in the screenshot above.
The New Gateway dialog box appears.

4 Create a new gateway. For this example, we use these values:
Gateway Name: PartnerCompany
Remote Gateway Settings, Gateway IP: 95.1.1.1
Remote Gateway Settings, ID Type: 95.1.1.1


Local Settings, ID Type: 42.1.1.1
Pre-shared key: Sh4redK3y*
*Must be same on both VPN endpoints

Caution
In this example, we keep the default Phase 1 Settings. For more information about any of the fields in the New Gateway dialog box, see http://www.watchguard.com/support/Fireware_HowTo/HowTo_ManualBOVPN.

5 Click OK to return to the New Tunnel dialog box.


6 Click Add to add a tunnel policy.

7 In this example, we create a one-way tunnel policy from the trusted network of Company B to the IP address of the Firebox at Company A. This is the IP address applied when DNAT is enabled for the traffic from Company A’s trusted network. To do this, type these values:
Local: 192.168.0.0/24
Remote: 95.1.1.1

8 Use the Direction drop-down list to select
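
An added example (not from the WatchGuard document): a Python check of the two tunnel policies above, modelling the page's statement that with DNAT enabled Company B sees Company A's traffic as coming from 95.1.1.1. The Endpoint structure and function names are hypothetical; Firebox A's remote gateway of 42.1.1.1 is inferred from Firebox B's local ID, the pre-shared key is a placeholder, and Firebox B's DNAT checkbox is assumed clear.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Endpoint:              # hypothetical structure, not a WatchGuard format
    name: str
    external_ip: str         # gateway IP, also used as the local ID
    remote_gateway: str      # peer gateway IP configured on this Firebox
    psk: str
    local: str               # tunnel policy "Local"
    remote: str              # tunnel policy "Remote"
    dnat: bool = False       # DNAT checkbox on the tunnel policy

def net(value):
    # Accept a bare host address or CIDR notation; a host becomes a /32.
    return ipaddress.ip_network(value, strict=False)

def source_seen_by_peer(ep):
    # With DNAT the peer sees the external IP, otherwise the local network.
    return net(ep.external_ip) if ep.dnat else net(ep.local)

def check_pair(a, b):
    """Return a list of mismatches between two BOVPN endpoint definitions."""
    problems = []
    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    for x, y in ((a, b), (b, a)):
        if net(x.remote_gateway) != net(y.external_ip):
            problems.append(f"{x.name}: remote gateway {x.remote_gateway} "
                            f"is not {y.name}'s external IP {y.external_ip}")
        expected = source_seen_by_peer(y)
        if net(x.remote) != expected:
            problems.append(f"{x.name}: Remote {x.remote} should be {expected}")
    return problems

PSK = "placeholder-psk"      # constructed value, not the key from the page
FIREBOX_A = Endpoint("Firebox A", "95.1.1.1", "42.1.1.1", PSK,
                     local="10.1.1.0/24", remote="192.168.0.0/24", dnat=True)
FIREBOX_B = Endpoint("Firebox B", "42.1.1.1", "95.1.1.1", PSK,
                     local="192.168.0.0/24", remote="95.1.1.1")

if __name__ == "__main__":
    print(check_pair(FIREBOX_A, FIREBOX_B))
    # Constructed mistake: B points at A's trusted network instead of 95.1.1.1.
    wrong_b = replace(FIREBOX_B, remote="10.1.1.0/24")
    for problem in check_pair(FIREBOX_A, wrong_b):
        print(problem)
```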
