ipsec ISA to Watchguard

Hello

have any documentation to create ipsec Isa ->Watchguard ??

thanks

Reply to
Aventao
Loading thread data ...

You want to setup a IPSEC tunnel between some device and a WatchGuard?

You kind of left out a lot of information:

1) What source device and firmware version - be specific 2) What WG device and firmware version - be specific

If you have Live Security service you can also call WG, they are very good at support.

Reply to
Leythos

yes i have support, but support don´t support ISA SERVER.

I have Fireware Pro 9.1 , with a fireware X5500e Peak , and Isa server 2004

"Leythos" escribió en el mensaje news:0056e6d2$0$31287$ snipped-for-privacy@news.astraweb.com...

Reply to
Aventao

So, which part is broken, Phase I or Phase II?

Did you get it to connect, but you can't pass data?

--=20

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a=20 drug dealer an "unlicensed pharmacist" snipped-for-privacy@rrohio.com (remove 999 for proper email address)

Reply to
Leythos

Phase II , yes pass data

"Leythos" escribió en el mensaje news: snipped-for-privacy@us.news.astraweb.com... >

So, which part is broken, Phase I or Phase II?

Did you get it to connect, but you can't pass data?

Reply to
Aventao

While I'm not doing a IPSec to a ISA server, here is the basic WG settings I've found that work with all other firewall devices:

Gateway Use a pre-shared key (not a IPSec FB Cert) Local Gateway: Your FB IP Address (Public) Interface External Remote Gateway: IP Address of other device/fw (Public) Type: Ip Address ID: IP Address of other device/fw (Public) Phase 1 Mode - Main Fall Back to Aggressive X Nat Traversal X IKE Keep-Alive SHA1-3DES, DH 1

BO Tunnel Address Local ANY Remote (IP Subnet of LAN side) Phase II

- PFS (not enabled) SA Settings (unchecked - default) IPSec Proposals ESP-3DES-SHA1

This will get the tunnel, but you need a rule to allow traffic between your LAN and the remote LAN.

Reply to
Leythos

thanks i try , try and try ..

"Leythos" escribió en el mensaje news: snipped-for-privacy@us.news.astraweb.com...

Reply to
Aventao

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.