WatchGuard Firebox 1000 and Cisco Concentrator 3015
Hi, I am trying to create a site-to-site VPN tunnel between the two appliances above. On the Cisco concentrator I am getting the following message:
26720 08/12/2008 16:11:42.780 SEV=5 IKE/35 RPT=3593 184.108.40.206 Group [220.127.116.11] Received remote IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
I'm guessing this is the info sent from the WatchGuard; what I don't understand is why the source address is showing as 0.0.0.0.
Re: WatchGuard Firebox 1000 and Cisco Concentrator 3015
Wow, I'm sure you've figured this out by now, seeing as this was posted on 8/12/2008. However, for the record, what you're seeing is phase 2 information, and that's the proxy ID that your far end is showing as 0/0. Did you make sure your IPsec SAs matched?
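The reply above points at the phase 2 selector (proxy ID) the peer offered. The following script is an added example, not part of either post and not code from WatchGuard or Cisco: it parses the concentrator's IKE/35 log line quoted in the question and compares the peer's advertised proxy subnet against the subnet you expect behind that peer, reporting a wildcard 0.0.0.0/0.0.0.0 selector or a subnet mismatch so the two IPsec SA definitions can be lined up. The expected subnet 192.0.2.0/24 and the two extra log lines are constructed for the example.

```python
import ipaddress
import re

# IKE/35 event format as it appears in the question; the field names and
# their order (Address, Mask, Protocol, Port) are taken from that line.
PROXY_ID_RE = re.compile(
    r"Received remote IP Proxy Subnet data in ID Payload: "
    r"Address (?P<addr>[\d.]+), Mask (?P<mask>[\d.]+), "
    r"Protocol (?P<proto>\d+), Port (?P<port>\d+)"
)

# The line quoted in the question, plus two constructed lines for comparison.
PAGE_LINE = ("26720 08/12/2008 16:11:42.780 SEV=5 IKE/35 RPT=3593 184.108.40.206 "
             "Group [220.127.116.11] Received remote IP Proxy Subnet data in ID "
             "Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0")
CONSTRUCTED_MATCH = ("26721 08/12/2008 16:12:01.100 SEV=5 IKE/35 RPT=3594 184.108.40.206 "
                     "Group [220.127.116.11] Received remote IP Proxy Subnet data in ID "
                     "Payload: Address 192.0.2.0, Mask 255.255.255.0, Protocol 0, Port 0")
CONSTRUCTED_MISMATCH = ("26722 08/12/2008 16:12:30.500 SEV=5 IKE/35 RPT=3595 184.108.40.206 "
                        "Group [220.127.116.11] Received remote IP Proxy Subnet data in ID "
                        "Payload: Address 198.51.100.0, Mask 255.255.255.0, Protocol 0, Port 0")


def parse_proxy_id(line):
    """Return (network, protocol, port) from an IKE/35 line, or None if the
    line is not a proxy-ID event. Address/Mask are combined into a network."""
    m = PROXY_ID_RE.search(line)
    if not m:
        return None
    net = ipaddress.ip_network(f"{m['addr']}/{m['mask']}", strict=False)
    return net, int(m["proto"]), int(m["port"])


def check_proxy_id(line, expected_remote_net):
    """Compare the peer's phase 2 proxy ID with the subnet we expect behind it.

    expected_remote_net is the remote network in our own IPsec SA (assumed
    here to be 192.0.2.0/24). Returns a list of findings; empty means the
    selector the peer sent matches ours."""
    parsed = parse_proxy_id(line)
    if parsed is None:
        return ["not an IKE/35 proxy-ID line"]
    net, proto, port = parsed
    expected = ipaddress.ip_network(expected_remote_net)
    findings = []
    if net.prefixlen == 0:
        # 0.0.0.0/0.0.0.0 means "any host": the peer's tunnel policy is set to
        # any/default rather than its LAN subnet, so the SAs cannot match.
        findings.append("peer offered wildcard selector 0.0.0.0/0.0.0.0 (any); "
                        "its tunnel policy should name its LAN subnet")
    elif net != expected:
        findings.append(f"peer offered {net}, expected {expected}")
    if proto != 0 or port != 0:
        # Both SAs must agree on protocol/port too; 0 means any.
        findings.append(f"peer restricts selector to protocol {proto} port {port}; "
                        "our SA expects any protocol/port")
    return findings


def report(lines, expected_remote_net="192.0.2.0/24"):
    """Run the check over a batch of log lines; returns {line_number: findings}."""
    return {i: check_proxy_id(l, expected_remote_net)
            for i, l in enumerate(lines, 1) if parse_proxy_id(l) is not None}


if __name__ == "__main__":
    for n, f in report([PAGE_LINE, CONSTRUCTED_MATCH, CONSTRUCTED_MISMATCH]).items():
        print(f"line {n}: {'OK' if not f else '; '.join(f)}")
```

Feed it the concentrator's log export and the remote subnet from your own SA definition; a wildcard finding on the first line reproduces exactly the situation in the question, and the fix is on the WatchGuard side, where the tunnel's remote/local networks must be the actual LAN subnets rather than any.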
Port #1 on primary router <---> VPN server
Port #2 on primary router <--> Load Balancer
Load Balancer <--> web-server #1
Load Balancer <--> web-server #2
Load Balancer <--> web-server #3
VPN traffic enters your network, through the router to the VPN server, and then VPN-server back through the router to your internal servers. Web-traffic goes through the Load Balancer, for distribution to the collection of servers.
If you are using the firewall feature set on the 1841, then make sure you have all permit statements right and nonat statements in place. Try the command line as well, and go over some router-to-router example configs from Cisco's website.
1. PIX does not like class A addresses; make sure you are using B or C.
2. The VPN subnet always has to be different from the LAN.
3. Has to have a working DNS server.
4. Add a static route, and last resort, to the main Ethernet port that has the DNS & R62 (or 2 if on a different subnet).
The key with any VPN solution is to make sure that the configurations on both ends match. I am not very familiar with this particular product, but it looks like you need to have the proper VPN licenses installed first.
There are two types of VPN you can do.
1) Site to Site - This is where there are two static boxes that you want to create an encrypted tunnel between.
2) Remote User access - This is where mobile users connect to a central site over an encrypted tunnel from their home or on the road.
Next, take a look at the User Guide PDF here:
Chapter 10 tells how to configure the VPN on the Firebox side. You would just duplicate your settings if you're doing option #1.
Chapter 11 tells how to configure the VPN on the client side. This section would tell you how to configure the client software for option #2.
Hope this helps.
I am not really versed on VPN connections, but the only way I was able to connect to my company's Cisco VPN using my iPAQ was with this program.
The whole thing went very easily.