Watchguard Firebox X15 User Manual page 194

Configuring Virtual Private Networks
Sample VPN Address Information Table
Item Description
External IP The IP address that identifies the IPSec-
Address compatible device on the Internet.
Site A: 207.168.55.2
Site B: 68.130.44.15
Local Network An address used to identify a local network.
Address These are the IP addresses of the machines on
each side that are allowed to send traffic through
the VPN tunnel.We recommend that you use an
address from one of the reserved ranges:
10.0.0.0/8—255.0.0.0
172.16.0.0/12—255.240.0.0
192.168.0.0/16—255.255.0.0
The numbers after the slashes indicate the
subnet masks. /24 means that the subnet mask
for the trusted network is 255.255.255.0. For
more information on entering IP addresses in
slash notation, see this FAQ:
https://www.watchguard.com/support/
advancedfaqs/general_slash.asp
Site A: 192.168.111.0/24
Site B: 192.168.222.0/24
Shared Key The shared key is a passphrase used by two
IPSec-compatible devices to encrypt and decrypt
the data that goes through the VPN tunnel. The
two devices use the same passphrase. If the
devices do not have the same passphrase, they
cannot encrypt and decrypt the data correctly.
Use a passphrase that contains numbers,
symbols, lowercase letters, and uppercase
letters for better security. For example,
"Gu4c4mo!3" is better than "guacamole".
Site A: OurSharedSecret
Site B: OurSharedSecret
Encryption DES uses 56-bit encryption. 3DES uses 168-bit
Method encryption. The 3DES encryption method is more
secure, but slower. The two devices must use
the same encryption method.
Site A: 3DES
Site B: 3DES
Authentication The two devices must use the same
authentication method.
Site A: MD5 (or SHA1)
Site B: MD5 (or SHA1)
180
Assign
ISP
You
You
You
You
WatchGuard Firebox X Edge