Branch Office VPN.

[jjjax0330]

We are looking to setup new warehouse at another location and want them to be able to access our Windows 2000/2003 network somehow. We have a Watchguard x700 at our main location now and know that it has a branch office vpn option but need a little help to see if this is a good way to go. We'd like to pretty much be able to allow those users connect to our network as if they were here so that they can access our sql servers, exchange and so on yet when they print, we'd like to pretty much have them print locally. I have played around this a little from home but can't seem to get watchguard vpn to authenticate me and from what I see and have found is that it might be because my home cable account might not allow it or because it's not a public IP address.

Is Watchguard a good solution for this or can someone recommend another option. Thanks, Joe

 

[coladmin]

yes watchguard is a great solutuon for this senario.I have this setup with 5 locaitons and it works great. you have two options to do this. you could purchase the VPN manager which makes creating the VPN very easy as it is all window driven and it help you to manage the tunnels in the future. or you could set up a manual VPN tunnel with your orhter firebox. if you are going to do this I would recommend opening a support case with watchguard as this cometimes can be a pain to setup. basically the VPN settings need to be the same on both sides

 

[xwire]

I agree with coladmin, We use Watchguard similar to what your wanting to do between the warehouses. We also have the x700 as well, on the other end of the VPN tunnel we have another Watchguard Edge X15 as this office is smaller. They can open, copy, move, print files, as well as open their exchange mailboxes, we dont have SQL but I am sure it would be no problem for you either.

Coladmin is right also that the settings on the VPN setup needs to be the same on both sides as this can cause headaches if one little setting is off between the Fireboxes.

 

[coladmin]

one other thing to keep in mind since you exchange server is going to be in another locaiton it would be a good idea if you are using Outlook to set up the profiles to use Cahced exchange mode. this way they will not have to worry about opening any large files over the WAN

 

[coladmin]

one other thing to mention is that we used several applicaiton in a remote site that relied on a SQL server in our main site and it worked fine with out noticable delay

 

[jjjax0330]

Thanks to all for the good input. I'll post an update as to how it turns out.

 

[Frankenherder]

Hey, can someone help me with some settings?

I have a FB 1000 and a Edge 15x and for the life of me I cannot use the WSM software to create the VPN.

They both show the policy in BOVPN tunnels but I cannot communicate. The tunnel is not up. Can't ping or anything.

Any pointers?

thanks
Matt

 

[vineet007]

Its better to call the support for the same.

 

[Frankenherder]

Thanks for the insight.

If everyone posted an answer to call support, there would be no site here.

Matt

 

[pankajchawla]

You may need to remove and readd the tunnel. Honestly speaking WSM is not one of the good options in watchguard. the best is the manual IPSEC. Anyways give recreating a try and see how it goes.