Welcome to ISAserver.org

howto set up Site to Site VPN from watchguard behind NAT device

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> VPN >> howto set up Site to Site VPN from watchguard behind NAT device

Page: [1]

Message

<< Older Topic Newer Topic >>

howto set up Site to Site VPN from watchguard behind N... - 2.Apr.2008 9:39:52 AM

peteravr02

Posts: 2
Joined: 30.Sep.2005
From: Lelystad
Status: offline

Hello,

I am trying to set up a site to site IPsec tunnel between a ISA server 2006 and a .
Watchguard X-edge X55 but am not able to get this to work.

The Watchguard is behind a NAT device and because of that I have to put the tunnel in IKE aggressive mode.
But when I try to change the phase 1 settings on the ISA 2006 server I cannot find the setting for changing the IKE mode to aggressive.
According to Microsoft technet, ISA server 2006 / Windows 2003 does not support IKE aggressive mode.
See: http://technet.microsoft.com/en-us/library/cc302442.aspx

Is this true? Am I reading this right?

Is it possible to set up the tunnen between the two sites and if so, what am I doing wrong.

Any help would greatly be appreciated.

Best regards,

Peter de Vries

< Message edited by peteravr02 -- 3.Apr.2008 7:46:26 AM >

Post #: 1

Featured Links*

RE: howto set up Site to Site VPN from watchguard behi... - 20.May2008 5:30:43 AM

peteravr02

Posts: 2
Joined: 30.Sep.2005
From: Lelystad
Status: offline

UPDATE.

After examining the logfiles I found that phase 1 was failing on the watchguard.
I recieved lot of MM (main mode) messages and no response to them from the ISA server.
I traced the problem back to a ADSL moedem / router thats in front of the watchguard.
This router was configured to send all traffic to the watchguard, but this does not work.
I had to configure seperate (inbound) NAT rules for the following ports
1. 500 / UDP
2. 4500 / UDP
3. 50 / IP

After this I was able to set up the IPSec tunnel.

(in reply to peteravr02)

Post #: 2