FB1000 BOVPN IPsec

Status
Not open for further replies.

taubate

Programmer
Jun 29, 2001
US
We have a branch office that will be connecting via DSL to our main office where the servers are. Our FB1000 v7.0 is between the internet and our servers. The DSL is dynamic IP and the servers are win2k sp3. The client machines at the branch office run win98SE. I'll be installing the L2TP/IPsec VPN client on the win98 machines.

What we need to do is to set up BOVPN using IPsec (we have a Netgear DG814 DSL modem at the branch office). The branch office is on a 10.50.6.x network.

But I have to confess that I have no clue what the settings should be. I am referring to the following:

For the Gateway: key negotiation type, remote ID type, gateway identifier, phase 1 authentication, phase 1 encryption, Diffie-Hellman group, enable perfect forward security (yes or no), enable aggressive mode (yes or no).

For the tunnel (which is dependent on the key negotiation type): ESP or AH and what the settings should be.

And then there is Routing Policy...

I know it's a lot of info that I'm hunting for, but as a first-timer, there's always a learning curve. Thanks!
 
The problem you will find is that you need a fixed address at each end for a manual IPSec tunnel to work properly. If the remote office uses dynamic IP, you will have a problem.

How many users are at the branch office?

If budget permits, the simplest solution would be to purchase a Firebox SOHO 6 t/c. Then, set up a DVCP tunnel between the branch and head office. The IP address of the remote office is irrelevant - the remote Firebox will connect to your main Firebox, pull in a config file and the tunnel will kick in.
 
We have a SOHO 6/tc and the connection was dropped pretty frequently. We think it could be a quality issue with the SOHO. Given that my users in the branch office (there are 4 users there) are not tech savvy, I can't afford the risk of another bad SOHO.

 
I had the same problem as you early in January. If you downloaded and installed the SOHO software version 6.3, there was a bug in that version that related to DSL connections. It took two days on the phone with WatchGuard support to realize they had a problem. They wrote some code to fix it and sent it to me. The fix name is Cowboy fix. I think it is incorporated into the latest version, which is 6.3.2.
It has been up and running since then with no drops.
As stiles123 said, this is the best way to set up if you are using dynamic addressing.
 