Watchguard XTM Site-to-site VPN with MX Series

Knowledge Base - Meraki Dashboard https://kb.meraki.com/knowledge_base/watchguard-xtm-site-to-site-vpn-with-mx-series [05/05/2014 04:38:12 p.m.]

The Watchguard XTM can form a site-to-site VPN with a Meraki MX series security appliance. To do this, log in to the Watchguard by connecting to its IP address via a web browser. On the left-hand side click VPN->Branch Office VPN. Under the Gateways tab click Add and give the gateway a name that will be meaningful to you and easy to remember.

Under the General Settings tab select the radio button for Pre-Shared Key and enter the key string exactly as it appears on the MX under Configure->VPN->Non-Meraki VPN peers->(peer)->"Preshared secret".

In the Gateway Endpoints section click the Add button to be brought to the Gateway Endpoint Settings page, where you specify the local and remote peers participating in the VPN tunnel. If the MX is in a NAT environment, the Remote IP will be the public address of the MX, while the Remote ID will be the private address.

Under Local Gateway select the radio button for By IP Address and enter the public IP address of the Watchguard, in our example 1.1.1.1.

Under the section labeled Remote Gateway select the radio button for Remote Gateway Static IP Address and enter the public IP address of the MX security appliance, in our example 2.2.2.2. Please note that this must be the IP address of the primary interface specified on the MX under Monitor->Router Status. Therefore, if you have the primary uplink configured as Internet 1, you must use Internet 1's public IP address. Under the section for Gateway ID for Tunnel Authentication select By IP address and again enter the public IP of the MX security appliance. Select the OK button.
Back on the Gateway page select the Phase 1 Settings tab and ensure that Main is selected in the drop-down menu labeled Mode. NAT traversal and Dead Peer Detection are not required but can remain selected for improved tunnel stability. Under Transform Settings select Add and ensure that under Phase 1 settings SHA1-3DES is chosen for the encryption and authentication algorithms and that under Key Group, Diffie-Hellman Group 2 is selected. Click the Save button to be returned to the Branch Office VPN page.

Under the Tunnels section select the Add button. Give the tunnel group a name that is meaningful to you, in our case VPN Phase 2. In the drop-down menu labeled Gateway select the name you created in the previous step. Under the Addresses section select the Add button. In the field for Local IP enter the local IP subnet range. Additionally, select Network IP for the Remote IP section and enter the subnet of the MX security appliance. Be sure to check the box for adding the tunnel to the BOVPN-Allow policies and that the tunnel is configured for bi-directional communication.

Solution #1058 Updated on January 15, 2014

Click the Phase 2 Settings tab to move to the next section. Make sure that the checkbox for PFS (Perfect Forward Secrecy) is unchecked. Under IPSec Proposals, the drop-down menu specifies a variety of encryption and authentication methods. The MX security appliance can accept any of the following encryption algorithms: DES, 3DES, AES-128, AES-192 and AES-256.
Additionally, the MX can accept either SHA1 or MD5 as the authentication hashing algorithm. Any combination of encryption and authentication algorithms can work; however, please use ESP as the IPSec protocol suite. Click the Add button to add these to the list and select the Save button to be brought back to the Branch Office VPN page.

With the settings saved to the Watchguard, it will attempt to establish an IPsec VPN tunnel with the MX once client traffic attempts to access the remote subnet.

For more information on setting up the MX to participate in a site-to-site VPN, please review the following articles: 3rd Party Site-to-Site VPN Meraki MX Security Appliance Site to Site VPN
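A pre-change check for the procedure above, as an added example that is not part of the original article or any Meraki or Watchguard tooling: it compares a planned XTM configuration against the Phase 1, Phase 2, preshared-key and Remote IP/ID requirements the article states. The plan dictionary, its field names, the function names and the strongest-first ordering of the algorithm lists are assumptions of this example; the addresses are the article's own example values.

```python
import hmac
from ipaddress import ip_address

# Values the article says the MX accepts; strongest-first ordering is this example's choice.
MX_PHASE1 = {"mode": "Main", "transform": "SHA1-3DES", "dh_group": 2}
MX_P2_ENC = ["AES-256", "AES-192", "AES-128", "3DES", "DES"]
MX_P2_AUTH = ["SHA1", "MD5"]

def check_plan(plan, psk_xtm, psk_mx):
    """Return mismatches between a planned XTM config (hypothetical dict) and the article."""
    problems = []
    for key, want in MX_PHASE1.items():
        got = plan["phase1"].get(key)
        if got != want:
            problems.append(f"phase1.{key}: need {want!r}, got {got!r}")
    p2 = plan["phase2"]
    if p2.get("pfs"):
        problems.append("phase2.pfs: must be unchecked")
    if p2.get("protocol") != "ESP":
        problems.append("phase2.protocol: must be ESP")
    if p2.get("encryption") not in MX_P2_ENC:
        problems.append("phase2.encryption: not accepted by the MX")
    if p2.get("auth") not in MX_P2_AUTH:
        problems.append("phase2.auth: not accepted by the MX")
    # The key must match exactly; a trailing space makes it a different key.
    if not hmac.compare_digest(psk_xtm.encode(), psk_mx.encode()):
        problems.append("psk: differs from the MX preshared secret")
    remote_ip, remote_id = ip_address(plan["remote_ip"]), ip_address(plan["remote_id"])
    if remote_ip.is_private:
        problems.append("remote_ip: must be the MX public address")
    if plan["mx_behind_nat"]:
        if not remote_id.is_private:
            problems.append("remote_id: use the MX private address behind NAT")
    elif remote_id != remote_ip:
        problems.append("remote_id: must equal the MX public address")
    return problems

def strongest_phase2(offered_enc, offered_auth):
    """Pick the strongest encryption/auth pair both sides support, or None."""
    enc = next((e for e in MX_P2_ENC if e in offered_enc), None)
    auth = next((a for a in MX_P2_AUTH if a in offered_auth), None)
    return enc, auth

# Constructed sample plan using the article's example addresses (MX at 2.2.2.2, no NAT).
SAMPLE = {
    "phase1": {"mode": "Main", "transform": "SHA1-3DES", "dh_group": 2},
    "phase2": {"pfs": False, "protocol": "ESP", "encryption": "AES-256", "auth": "SHA1"},
    "remote_ip": "2.2.2.2", "remote_id": "2.2.2.2", "mx_behind_nat": False,
}
```

An empty list from check_plan means the plan matches every requirement the article lists; strongest_phase2 is useful because the article allows any of the listed Phase 2 combinations, including DES and MD5.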
2014 Cisco Systems, Inc.