Technical Document. Creating a VPN. GTA Firewall to WatchGuard Firebox SOHO 6 TDVPNWGSOHO6200605-01




Contents

Introduction  1
  Supported Encryption and Authentication Methods  1
  IP Addresses Used in Examples  1
  Documentation  2
  Additional Documentation  2
GTA Firewall Configuration  4
  Configuring the Encryption Objects  4
  Configuring the VPN Object  5
  Configuring the IPSec Tunnel  6
WatchGuard Firewall Configuration  8
  Configuring General Settings  8
  Configuring Phase 1  9
  Configuring Phase 2  10

Introduction

This document is written for the firewall administrator who has both a GTA firewall and a WatchGuard Firebox SOHO 6 operating on a network that requires a VPN (Virtual Private Network) to utilize both firewalls. Documentation was developed using a GTA firewall running GB-OS 4.0 and a WatchGuard Firebox SOHO 6 running version 6.1.43, Boot ROM 4.14. This document is written under the assumption that the reader has a strong working knowledge of TCP/IP, GB-OS and Firebox SOHO 6 administration.

Note: The example configuration in this document assumes both firewalls have static IP addresses.

Encryption and Authentication Methods

The following methods of encryption and authentication are supported for this configuration:

Table 1.1: Supported Encryption and Authentication Methods
  Supported Encryption: DES or 3DES
  Supported Authentication: SHA1 or MD5
  Supported Key Groups: Diffie-Hellman Group 1 or 2

IP Addresses Used in Examples

The following IP addresses are used as examples in this document:

Table 1.2: IP Addresses Used in Examples
  GTA Firewall
    External: 199.120.255.78
    Protected Network: 192.168.71.0/24
  WatchGuard Firebox SOHO 6
    External: 199.120.225.77
    Protected Network: 192.168.70.0/24

Technical Document Introduction

Documentation

A few conventions are used in this document to help you recognize specific elements of the text. If you are viewing this guide in PDF format, color variations may also be used to emphasize notes, warnings and new sections.

  Bold Italics: Emphasis
  Italics: Publications
  Blue Underline: Clickable hyperlink (email address, web site or in-pdf link)
  Small Caps: On-screen field names
  Monospace Font: On-screen text
  Condensed Bold: On-screen menus, menu items
  Bold Small Caps: On-screen buttons, links

Additional Documentation

For instructions on installation, registration and setup of your GTA firewall, see the GB-OS User's Guide. For VPN setup and example configurations, see the VPN Option Guide. For optional features, see the appropriate feature guide. Manuals and other documentation can be found on the GTA website (www.gta.com). Documents on the website are either in plain text (*.txt) or Portable Document Format (*.pdf), which requires Adobe Acrobat. A free copy of the program can be obtained from www.adobe.com.


GTA Firewall Configuration

To configure your GTA firewall, log into the Web interface using an administrative account and follow the instructions below to set up a GTA firewall to WatchGuard Firebox SOHO 6 VPN. Configuring the GTA firewall requires the completion of the following steps:

1. Configuring the Encryption Objects
2. Configuring the VPN Object
3. Configuring the IPSec Tunnel

Note: GTA recommends that the NTP service be enabled on any GTA firewall using a VPN.

Configuring the Encryption Objects

To configure the encryption objects, navigate to Configuration>System>Object Editor>Encryption Objects and click the New icon. Doing so will display the Edit Encryption Object screen. Enter the following settings to define the encryption object to be used during phase 1 of the VPN.

Figure 2.1: Creating the Phase 1 Encryption Object

Table 2.1: Configuring the Phase 1 Encryption Object
  Disable: Unchecked
  Name: Phase 1 SOHO 6
  Description: Phase 1 encryption object for GTA firewall to SOHO 6 VPN
  Encryption Method: <3DES>
  Hash Algorithm: <HMAC-SHA1>
  Key Group: <Diffie-Hellman Group 1 (768 bits)>

Click OK to return to the Encryption Objects screen and click the New icon to create the encryption object to be used during phase 2 of the VPN.

Figure 2.2: Creating the Phase 2 Encryption Object

Table 2.2: Configuring the Phase 2 Encryption Object
  Disable: Unchecked
  Name: Phase 2 SOHO 6
  Description: Phase 2 encryption object for GTA firewall to SOHO 6 VPN
  Encryption Method: <3DES>
  Hash Algorithm: <HMAC-SHA1>
  Key Group: <Diffie-Hellman Group 2 (1024 bits)>

Click OK to return to the Encryption Objects screen and click the Save icon to save the new encryption objects to the GTA firewall's configuration. Next, the VPN object must be configured.

Configuring the VPN Object

To configure the VPN object to be used by the connection, navigate to Configuration>System>Object Editor>VPN Objects and click the New icon. Doing so will display the Edit VPN Object screen.

Figure 2.3: Configuring the VPN Object

Table 2.3: Configuring the VPN Object
  Disable: Unchecked
  Name: SOHO 6 VPN Object
  Description: VPN Object used in the GTA firewall to SOHO 6 VPN
  Phase I
    Exchange Mode: <Main>
    Encryption Object: <Phase 1 SOHO 6>. As defined in Configuring the Encryption Objects.
    Advanced
      Force Mobile Protocol: Unchecked
      Force NAT-T Protocol: Unchecked
      Lifetime: 120 minutes
      DPD Interval: 30 seconds
  Phase II
    Encryption Object: <Phase 2 SOHO 6>. As defined in Configuring the Encryption Objects.
    Advanced
      Lifetime: 60 minutes

Click OK to return to the VPN Objects screen and click the Save icon to save the new VPN object to the GTA firewall's configuration. Next, the IPSec tunnel must be configured.

Configuring the IPSec Tunnel

To configure the IPSec tunnel, which will be utilizing the configured encryption and VPN objects, navigate to Configuration>VPN>IPSec Tunnels and click the New icon. Doing so will display the Edit IPSec Tunnel screen.

Figure 2.4: Configuring the IPSec Tunnel

Table 2.4: Configuring the IPSec Tunnel
  Disable: Unchecked
  Description: GTA firewall to WatchGuard Firebox SOHO 6 VPN
  IPSec Mode: <IKE>
  VPN Object: <SOHO 6 VPN Object>. As defined in Configuring the VPN Object.
  Pre-shared Secret: adcdef123456. The pre-shared secret must match on the WatchGuard SOHO 6 firewall.
  Local
    Gateway: <External>. This is the external network's logical interface.
    Network: <Protected Networks>. This is the protected network's logical interface.
    Advanced: Identity <IP Address>
  Remote
    Gateway: 199.120.225.77
    Network: <USER DEFINED>, 192.168.70.0/24
    Advanced: Identity <IP Address>

Click OK to return to the IPSec Tunnels screen. Under the Advanced tab, ensure that the Automatic Policies checkbox is enabled. By enabling automatic policies, the GTA firewall will generate the necessary VPN policies to allow traffic between the GTA firewall and the WatchGuard Firebox SOHO 6.

Figure 2.5: Enabling Automatic Policies

Click the Save button to apply the VPN configuration to your GTA firewall. Next, it is necessary to configure the WatchGuard Firebox SOHO 6.

WatchGuard Firewall Configuration

To configure your WatchGuard Firebox SOHO 6, log into the web interface using an administrative account and follow the instructions below to set up a GTA firewall to WatchGuard Firebox SOHO 6 VPN. Once logged into the firewall, navigate to VPN>Manual VPN and click Add. Doing so will display the Add Gateway screen.

Configuring General Settings

General settings for the Add Gateway screen consist of the name for the VPN connection and the shared key (pre-shared secret). The shared key must match the defined pre-shared secret on the GTA firewall.

Table 3.1: Configuring General Settings
  Name: GTA. This is the user defined name for the VPN.
  Shared Key: abcdef123456. This field must match the pre-shared secret entered when configuring the GTA firewall's IPSec tunnel.

Figure 3.1: Configuring General Settings

Configuring Phase 1

Under the Phase 1 Settings section of the screen, enter the following information:

Table 3.2: Configuring Phase 1 Settings
  Mode: <Main Mode>
  Local ID: 199.120.225.77. The WatchGuard Firebox SOHO 6's external IP address. Set the Type to <IP Address>.
  Remote ID: 199.120.225.78. The GTA firewall's external IP address. Set the Type to <IP Address>.
  Authentication Algorithm: <SHA1-HMAC> or <MD5>
  Negotiation Expiration in Kilobytes: 0
  Negotiation Expiration in Hours: 2. Value should be less than or equal to the GTA firewall's Phase 1 Lifetime.
  Diffie-Hellman Group: <1>
  Enable Perfect Forward Secrecy: Checked
  Generate IKE Keep Alive Messages: Unchecked

Figure 3.2: Configuring Phase 1

Configuring Phase 2

Under the Phase 2 Settings section of the screen, enter the following information:

Table 3.3: Configuring Phase 2 Settings
  Authentication Method: <SHA1-HMAC>
  Encryption Algorithm: <3DES-CBC>
  Negotiation Expiration in Kilobytes: 0
  Negotiation Expiration in Hours: 1. Value should be less than or equal to the GTA firewall's Phase 2 Lifetime.
  Configure Local and Remote Network
    Local Network: 192.168.70.0/24. The IP address of the WatchGuard Firebox SOHO 6's protected network.
    Remote Network: 192.168.71.0/24. The IP address of the GTA firewall's protected network.

Figure 3.3: Configuring Phase 2

Once all the necessary information has been entered, click Submit to commit the configuration. Your GTA firewall to WatchGuard Firebox SOHO 6 VPN is now complete. You can test the VPN's functionality by pinging from a host on one protected network to a host on the other firewall's protected network.
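The tunnel described in the GTA and WatchGuard sections above only establishes when every negotiable parameter agrees between the two gateways: the shared key, exchange mode, hash and Diffie-Hellman group in phase 1; the cipher, hash and PFS setting in phase 2; SOHO expirations no longer than the GTA lifetimes; and identities and protected networks that mirror each other. The following Python script is an added example, not GTA's or WatchGuard's own code. It models the fields that the configuration tables ask for as two records and reports each parameter on which the sides would fail to agree. The record and field names are my own, and the addresses, networks and shared key in the sample are constructed placeholders from the RFC 5737 documentation ranges rather than the values in Table 1.2.

```python
"""Interoperability check for a GTA to WatchGuard SOHO 6 IPsec tunnel.

Added example, not GTA's or WatchGuard's own code. Each record holds the
fields that this document's configuration tables ask for; check_interop()
lists every parameter on which the two gateways would fail to agree.
All sample values below are constructed (RFC 5737 documentation ranges).
"""
from dataclasses import dataclass, replace
from typing import List, Optional
import ipaddress


@dataclass
class GtaTunnel:
    """GTA side: encryption objects, VPN object and IPSec tunnel (Tables 2.1 to 2.4)."""
    p1_hash: str
    p1_dh_group: int
    p1_lifetime_min: int        # VPN object, Phase I Lifetime
    exchange_mode: str          # VPN object, Phase I Exchange Mode
    p2_encryption: str
    p2_hash: str
    p2_dh_group: Optional[int]  # Phase 2 encryption object Key Group; None = no PFS
    p2_lifetime_min: int        # VPN object, Phase II Lifetime
    preshared_secret: str
    local_gateway_ip: str       # external address, used as the IP Address identity
    local_network: str          # protected network
    remote_gateway_ip: str
    remote_network: str


@dataclass
class SohoGateway:
    """WatchGuard side: Manual VPN Add Gateway screen (Tables 3.1 to 3.3)."""
    shared_key: str
    mode: str
    local_id: str
    remote_id: str
    p1_auth: str
    p1_dh_group: int
    p1_expiration_h: int
    pfs: bool
    p2_auth: str
    p2_encryption: str
    p2_expiration_h: int
    local_network: str
    remote_network: str


# Vendor spellings of the same algorithm, reduced to one token for comparison.
_ALIASES = {"hmac-sha1": "sha1", "sha1-hmac": "sha1", "hmac-md5": "md5",
            "3des-cbc": "3des", "des-cbc": "des"}


def _norm(name: str) -> str:
    key = name.strip().lower()
    return _ALIASES.get(key, key)


def check_interop(gta: GtaTunnel, wg: SohoGateway) -> List[str]:
    """Return a finding per mismatched parameter; an empty list means the sides agree."""
    findings: List[str] = []

    def expect(ok: bool, msg: str) -> None:
        if not ok:
            findings.append(msg)

    # Phase 1 (IKE SA): both peers must propose identical values.
    expect(gta.preshared_secret == wg.shared_key, "phase 1: shared key differs")
    expect(gta.exchange_mode.lower().split()[0] == wg.mode.lower().split()[0],
           "phase 1: exchange mode differs")
    expect(_norm(gta.p1_hash) == _norm(wg.p1_auth), "phase 1: authentication algorithm differs")
    expect(gta.p1_dh_group == wg.p1_dh_group, "phase 1: Diffie-Hellman group differs")
    expect(wg.p1_expiration_h * 60 <= gta.p1_lifetime_min,
           "phase 1: SOHO expiration exceeds GTA lifetime")
    # Identity type is IP Address on both sides, so the IDs must cross-match.
    expect(gta.local_gateway_ip == wg.remote_id, "phase 1: GTA external IP is not the SOHO Remote ID")
    expect(gta.remote_gateway_ip == wg.local_id, "phase 1: GTA remote gateway is not the SOHO Local ID")

    # Phase 2 (IPsec SA).
    expect(_norm(gta.p2_encryption) == _norm(wg.p2_encryption), "phase 2: encryption algorithm differs")
    expect(_norm(gta.p2_hash) == _norm(wg.p2_auth), "phase 2: authentication algorithm differs")
    expect(wg.p2_expiration_h * 60 <= gta.p2_lifetime_min,
           "phase 2: SOHO expiration exceeds GTA lifetime")
    expect(wg.pfs == (gta.p2_dh_group is not None), "phase 2: PFS enabled on only one side")
    # Traffic selectors must mirror each other exactly or the proposal is rejected.
    net = ipaddress.ip_network
    expect(net(gta.local_network) == net(wg.remote_network)
           and net(gta.remote_network) == net(wg.local_network),
           "phase 2: local/remote networks are not mirrored")
    return findings


# Constructed sample that mirrors the parameter choices made in this document.
SAMPLE_GTA = GtaTunnel(
    p1_hash="HMAC-SHA1", p1_dh_group=1, p1_lifetime_min=120, exchange_mode="Main",
    p2_encryption="3DES", p2_hash="HMAC-SHA1", p2_dh_group=2, p2_lifetime_min=60,
    preshared_secret="example-shared-key",
    local_gateway_ip="203.0.113.78", local_network="192.0.2.0/24",
    remote_gateway_ip="203.0.113.77", remote_network="198.51.100.0/24")
SAMPLE_SOHO = SohoGateway(
    shared_key="example-shared-key", mode="Main Mode",
    local_id="203.0.113.77", remote_id="203.0.113.78",
    p1_auth="SHA1-HMAC", p1_dh_group=1, p1_expiration_h=2, pfs=True,
    p2_auth="SHA1-HMAC", p2_encryption="3DES-CBC", p2_expiration_h=1,
    local_network="198.51.100.0/24", remote_network="192.0.2.0/24")


def mistyped_key_findings() -> List[str]:
    """The classic failure: one character of the shared key differs between the two screens."""
    return check_interop(SAMPLE_GTA, replace(SAMPLE_SOHO, shared_key="example-shared-kay"))


if __name__ == "__main__":
    for label, result in (("as entered", check_interop(SAMPLE_GTA, SAMPLE_SOHO)),
                          ("mistyped key", mistyped_key_findings())):
        print(f"{label}: {result or 'OK'}")
```

Run it with both gateways' values before clicking Submit on the SOHO 6. The lifetime and mirrored-network checks correspond to the "must match" and "less than or equal" notes in the tables above, and a mistyped shared key is reported as a named finding rather than as a phase 1 negotiation that simply never completes.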


Copyright 1996-2006, Global Technology Associates, Incorporated (GTA). All rights reserved. Except as permitted under copyright law, no part of this manual may be reproduced or distributed in any form or by any means without the prior permission of Global Technology Associates, Incorporated.

Technical Support

GTA includes 30 days up and running installation support from the date of purchase. See GTA's web site for more information. GTA's direct customers in the USA should call or email GTA using the telephone and email address below. International customers should contact a local GTA authorized channel partner. Tel: +1.407.380.0220 Email: support@gta.com

Disclaimer

Neither GTA, nor its distributors and dealers, make any warranties or representations, either expressed or implied, as to the software and documentation, including without limitation, the condition of software and implied warranties of its merchantability or fitness for a particular purpose. GTA shall not be liable for any lost profits or for any direct, indirect, incidental, consequential or other damages suffered by licensee or others resulting from the use of the program or arising out of any breach of warranty. GTA further reserves the right to make changes to the specifications of the program and contents of the manual without obligation to notify any person or organization of such changes. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation for their use. GTA assumes no responsibility with regard to the performance or use of these products. Every effort has been made to ensure that the information in this manual is accurate. GTA is not responsible for printing or clerical errors.

Trademarks & Copyrights

GNAT Box, GB Commander and Surf Sentinel are registered trademarks of Global Technology Associates, Incorporated. GB-OS, RoBoX, GB-Ware and Firewall Control Center are trademarks of Global Technology Associates, Incorporated. Global Technology Associates and GTA are registered service marks of Global Technology Associates, Incorporated. The GTA Mobile VPN Client is licensed from TheGreenBow. Microsoft, Internet Explorer, Microsoft SQL and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Adobe and Adobe Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. UNIX is a registered trademark of The Open Group. Linux is a registered trademark of Linus Torvalds. BIND is a trademark of the Internet Systems Consortium, Incorporated and University of California, Berkeley. WELF and WebTrends are trademarks of NetIQ. Sun, Sun Microsystems, Solaris and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Java software may include software licensed from RSA Security, Inc. Some products contain software licensed from IBM, available at http://oss.software.ibm.com/icu4j/. SurfControl is a registered trademark of SurfControl plc. Some products contain technology licensed from SurfControl plc. Some products include software developed by the OpenSSL Project (http://www.openssl.org/). Kaspersky Lab and Kaspersky Anti-Virus is licensed from Kaspersky Lab Int. Some products contain technology licensed from Kaspersky Lab Int. Mailshell and Mailshell Anti-Spam is a trademark of Mailshell Incorporated. Some products contain technology licensed from Mailshell Incorporated. All other products are trademarks of their respective companies.

Global Technology Associates, Inc. 3505 Lake Lynda Drive, Suite 109 Orlando, FL 32817 USA Tel: +1.407.380.0220 Fax: +1.407.380.6080 Web: http://www.gta.com Email: info@gta.com