Tunnel ipsec via Watchguard



  • Hi. I'm a new user. I want to close an Ipsec tunnel on a pfsenseA (rel.2.1) behind a firewall Watchguard (WG).
    Scenario
    The WG has an public ip x.x.x.a and a lan ip like 192.168.1.100
    The pfsenseA has two interface : wan with ip 192.168.1.1 and gateway 192.168.1.100 (the WG), lan with 10.0.0.1
    On the other side I've a pfsenseB with two interfaces : wan with a public ip y.y.y.b and lan with 172.168.0.1
    I want to create a tunnel between pfsenseA and pfsenseB
    So a pc of lanA with gateway 10.0.0.1 can use a service on lanB 172.168.0.0
    Is it possible ? How ?
    Thank you very much.



  • Resolved.
    For other user : SNAT the public ip of the WG with 3 policies : one for ESP, one for UDP 500 and one (optional) for UDP 4500.
    Don't use the "ipsec" policy with SNAT becouse it doesn't work. Then allow "any" protocol and "any" port from the Wan of the pfsenseA (192.168.1.1) to "any"  server.
    .. Bye



  • Ah, if you use another public ip don't remember to create a 1:1 NAT on the WG !!!!


Log in to reply