How To Configure Site-To-Site Ipsec Vpn With Watchguard; Set Up The Ipsec Vpn Tunnel On The Zywall/Usg - ZyXEL Communications ZyWALL 110 Handbook
Zywall/usg series security firewalls
Hide thumbs
Also See for ZyWALL 110:
- User manual (1090 pages) ,
- Handbook (749 pages) ,
- Handbook & instructions (255 pages)
Table of Contents
Advertisement
If you see that Phase 1 IKE SA process done but still get below [info] log message, please check
2
ZyWALL/USG and Cisco Phase 2 Settings. Both ZyWALL/USG and Cisco must use the same
Protocol, Encapsulation, Encryption, Authentication method and PFS to establish the IKE SA.
Figure 301 MONITOR > Log
Make sure the both ZyWALL/USG and Cisco security policies allow IPSec VPN traffic. IKE uses UDP
3
port 500, AH uses IP protocol 51, and ESP uses IP protocol 50.
Default NAT traversal is enable on ZyWALL/USG, please make sure the remote IPSec device must
4
also have NAT traversal enabled.
4.5 How to Configure Site-to-site IPSec VPN with
WatchGuard
This example shows how to use the VPN Setup Wizard to create a site-to-site VPN between a
ZYWALL/USG and a WatchGuard router. The example instructs how to configure the VPN tunnel
between each site. When the VPN tunnel is configured, each site can be accessed securely.
Figure 302
Note: All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks.
This example was tested using USG310 (Firmware Version: ZLD 4.13) and
WatchGuard XTM 515 (Firmware Version: 11.10.4).
4.5.1 Set Up the IPSec VPN Tunnel on the ZyWALL/USG
In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard, use the VPN
1
Settings wizard to create a VPN rule that can be used with the WatchGuard. Click Next.
Chapter 4 Create Site-to-Site VPN Tunnels
ZyWALL Site-to-site IPSec VPN with WatchGuard Connected
ZyWALL/USG Series User's Guide
134
Advertisement
Table of Contents
