WatchGuard Firebox Settings
Connect to the Firebox with the control center.
Open the policy manager.
Open -› Network -› Branch Office VPN -› Manual IPSec
Click <Gateways...>, then click <Add.>
A box <Remote Gateway> appears. Enter a descriptive Name
for the Remote Gateway. Ensure this name matches the Name
of the LAN-to-LAN dialler profile that will be specified later
in the DrayTek Vigor configuration.
Select <Key Negotiation Type> <isakmp (dynamic)>.
Select Remote ID Type <IP Address>.
Enter the <Gateway IP address>, which is the address of the
DrayTek Vigor WAN interface.
This can be allocated by the ISP if ISDN/DSL "dial up"
is used.
Enter the <Shared Key>. This must be the same as the
shared secret that will be entered in the DrayTek Vigor configuration
later in this document.
Press "More" and enter 8 hours in "Negotiation
Timeouts" as below.
Click <OK> twice.
Click <Tunnels...>, then click <Add..>. The Select Gateway
box appears.
Select the Gateway configured above and press <OK>.
Enter a descriptive Name for the Tunnel. This will appear
in the WatchGuard Control Center.
Enter the Tab <Phase 2 Settings>.
Select <Type> <ESP (Encapsulated Security Payload)>,
<Authentication> <MD5-HMAC>, and <Encryption>
<3DES-CBC> or <DES-CBC>. Of the two ciphers, 3DES-CBC is the
stronger; single DES uses a 56-bit key.
Press <OK> twice.
In IPSec Configuration press <Add>.
In <Local> Enter the network address and subnet mask
of the LAN used on the Firebox. This must be the private address
if NAT is enabled.
In <Remote> Enter the network address and subnet mask
of the LAN used on the DrayTek Vigor. This must be the private
address if NAT is enabled. Select <Disposition> <secure>,
then under <Tunnel> select the tunnel configured above.
In the Policy Manager click the <plus>
symbol to add a new Service.
The Services box will appear.
Select <Packet Filter> -› <Any> and press
<Add...>.
Enter a Name for this Service and press <OK>.
Configure the rules to allow traffic between the networks
connected via the tunnel. In our example we allow all traffic.
Press <OK>.
Save the Settings to the Firebox.
Press <OK>.
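The steps above only bring the tunnel up if the Firebox values agree with the DrayTek Vigor side: same name, same shared key, same Phase 2 settings, and mirrored <Local>/<Remote> networks. The following is an added example, not part of the original guide, that checks those points before either device is configured; the dict layout and every value in it are constructed for illustration and are not an export format of either product.

```python
import ipaddress

# Constructed sample values; the dict layout is an assumption of this example.
FIREBOX = {
    "name": "vigor-branch",
    "shared_key": "example-shared-secret",
    "phase2": {"type": "ESP", "auth": "MD5-HMAC", "enc": "3DES-CBC"},
    "local": "192.168.1.0/255.255.255.0",
    "remote": "192.168.2.0/255.255.255.0",
}
VIGOR = {
    "name": "vigor-branch",
    "shared_key": "example-shared-secret",
    "phase2": {"type": "ESP", "auth": "MD5-HMAC", "enc": "3DES-CBC"},
    "local": "192.168.2.0/24",
    "remote": "192.168.1.0/24",
}


def net(text):
    """Parse 'address/mask' or 'address/prefix'; raises if host bits are set."""
    return ipaddress.ip_network(text, strict=True)


def check_tunnel(firebox, vigor):
    """Return a list of findings; an empty list means the two ends agree."""
    findings = []
    if firebox["name"] != vigor["name"]:
        findings.append("gateway name differs from dialler profile name")
    if firebox["shared_key"] != vigor["shared_key"]:
        findings.append("shared key mismatch")
    for field in ("type", "auth", "enc"):
        if firebox["phase2"][field] != vigor["phase2"][field]:
            findings.append(f"phase 2 {field} mismatch")
    # Each side's <Local> must be the other side's <Remote>.
    if net(firebox["local"]) != net(vigor["remote"]):
        findings.append("Firebox local network is not the Vigor remote network")
    if net(firebox["remote"]) != net(vigor["local"]):
        findings.append("Firebox remote network is not the Vigor local network")
    if net(firebox["local"]).overlaps(net(firebox["remote"])):
        findings.append("local and remote networks overlap")
    if firebox["phase2"]["enc"] == "DES-CBC":
        findings.append("weak cipher: DES-CBC selected, 3DES-CBC is available")
    return findings
```

Calling check_tunnel(FIREBOX, VIGOR) on the sample values returns an empty list; a subnet entered with host bits set (for example 192.168.1.1/24) raises ValueError instead of being silently accepted.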
Page last modified: 13 October 2008