Branch Office VPN using Watchguard products

Setting up a VPN network between offices can be a hassle. But
with Watchguard products this task can be very easy.

For our test I’ve chosen to use a Watchguard Firebox III at
the main office and a Watchguard SOHO TC6 at the branch office. This is a
fictitious network, set up just to show how easy a task like this can be.

VPN tunnels between offices are becoming more common because they
cost little to set up, mainly thanks to the relatively cheap
internet connections you can acquire today. A normal DSL line is cheap
compared with a dedicated line between offices. VPN tunnels are also
secure since they use high-level encryption, and they give
administrators and users an easy way to access all the needed networks anytime and from
anywhere. Administrators can access the local and the branch office servers for
maintenance anytime, and the help desk has a way to get to the user’s desktop
even if the user is on the other side of the globe.

In this article we will set up a VPN tunnel between the main
office and one of the branch offices. We will use Watchguard hardware for this
task and show you just how easy this can be when you use the right tools.

Setup

After you have set up the basic rules in your main office firewall
you are ready to set up the tunnel between the main and the branch office. This
article does not go into setting up the Watchguard Firebox firewall; it may
come up in a future article.

1. Setting up the main office firewall.

First of all, fire up the Firebox System Manager and
open the Policy Editor from it. If you have a Firebox with branch
office VPN (we’ll call it BOVPN from now on) you just need to point your mouse
to the Network, BOVPN menu.

Picture 1

From the BOVPN menu choose Basic DVCP server. This is what
we will make the main office firewall. The DVCP server is the firewall handling
all the incoming requests from the branch offices.

Clicking Basic DVCP server brings up the DVCP client
wizard. With this wizard we will configure the client, meaning the branch
office. The wizard will walk you through the setup and you will be done in ten
minutes.

Picture 2

First of all we are required to enter a client name. This name should
describe the branch office in some way. If you have 70 branch offices
you’ll want to find the right one easily. In this example we will call
the branch office HelsinkiBranchOffice; for those who don’t know it,
Helsinki is the capital of Finland. Then enter the shared key. The shared
key is like a password that the main office and branch office firewalls
use to recognize each other when they communicate. Use something you’ll
remember in the future. I’ll use HelsinkiSK112005, short for Helsinki
Shared Key November 2005.

Picture 3

Clicking Next brings us to the allowed resource and the DVCP
addressing. We now need to choose how much of our main network we will expose
to the branch office. We can add routes later if we see the need to.

In this example let’s assume we only want the branch office
to be able to access our servers, and that they are located in the 10.10.10.0/25
subnet. For clarity, this means a network with IP addresses from 10.10.10.1 to 10.10.10.126
and a subnet mask of 255.255.255.128.

After this we will enter the private network. The private
network is the network the clients in the branch office will be located in. We
use 192.168.0.0/26, which can hold a maximum of 62 hosts.
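The addressing above can be checked before it is typed into the wizard. The following Python sketch is an added example, not part of the original article or of any Watchguard tool: it derives the host range, mask and host count for each subnet and flags entries with host bits set or with overlapping ranges, which would make routing through the tunnel ambiguous. The function names and the two extra branch offices are constructed for illustration.

```python
import ipaddress

def describe(cidr):
    """Return (first_host, last_host, netmask, usable_hosts) for an IPv4 subnet."""
    # strict=True rejects entries with host bits set, e.g. 10.10.10.5/25
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = net.num_addresses - 2  # minus network and broadcast address
    return (str(net.network_address + 1), str(net.broadcast_address - 1),
            str(net.netmask), hosts)

def check_tunnel_plan(allowed_resource, branches):
    """Return a list of problems found in a tunnel addressing plan.

    allowed_resource: main office subnet exposed to the branch offices.
    branches: dict mapping client name -> branch office private network.
    """
    problems = []
    main = ipaddress.ip_network(allowed_resource, strict=True)
    seen = {}
    for name, cidr in branches.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        # A branch network must not collide with the exposed main office subnet
        if net.overlaps(main):
            problems.append(f"{name}: {net} overlaps allowed resource {main}")
        # ...nor with the private network of any other branch office
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net
    return problems

if __name__ == "__main__":
    print(describe("10.10.10.0/25"))
    print(describe("192.168.0.0/26"))
    plan = {
        "HelsinkiBranchOffice": "192.168.0.0/26",  # from the article
        "TampereBranchOffice": "192.168.0.32/27",  # constructed: overlaps Helsinki
        "OuluBranchOffice": "10.10.10.64/26",      # constructed: overlaps main office
    }
    for problem in check_tunnel_plan("10.10.10.0/25", plan):
        print("PROBLEM:", problem)
```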

Picture 4

Next is the tunnel protection configuration. For this
example we will use the highest levels this firewall can supply and the default
key expiration kilobytes/times.

Picture 5

Believe it or not, that’s it. We are now done on the main
firewall. Click Finish and save the new policy.

Picture 6


2. Setting up the branch office firewall.

Next we need to tell the client firewall where to find its
settings. You can do this on site or by remote administration.

On the client firewall, log in to the web front-end and
choose Managed VPN. On the Managed VPN page, check Enable Managed VPN and set the
configuration mode to SOHO.

The DVCP server address is the external address of your main
office firewall. The client name and the shared key are the ones you entered
in the wizard earlier.

For this example the following is what we use.

Client name: HelsinkiBranchOffice

Shared key: HelsinkiSK112005

Picture 7

After that just hit Submit and let the SOHO reboot. You’re done and the
tunnel should be open.
