I am being played both ends against the middle, and I would appreciate your advice on whether I am being unreasonable or not:
Our company firewall is a WatchGuard XTM device which is managed by the IT engineers at our head office. The guy who is responsible for this is Fred.
One of my remote sites in the Middle East is running Untangle, and having been advised by Fred that WatchGuard accepts IPsec tunnels, we have purchased this module. Barney has personally recommended the Untangle product, looks after the Untangle box, and has already set up an OpenVPN tunnel to the warehouse, and we are using OpenVPN clients. Dealing with the state-owned ISP and the vagaries of local supply has convinced me to distance myself from the management of the Middle East network, and let Barney do his job.
When we try to get an IPsec tunnel running, we have created a profile on the Untangle, sent that to Fred, who says it isn't enough, but can't tell me what he needs. He believes we should buy a WatchGuard and install it in the ME hrmph hrphh ...
I say, OK, set up the profile on the WatchGuard, tell me what the settings are, and then I'll get Barney to match it. Fred says it isn't as simple as that and we go round in circles, with him bleating about installing WatchGuards everywhere, and me telling him it works differently in the real world.
My question, and apologies for the preamble, is: why can't one side give a clear specification of their end of the tunnel, so the other can match, or not? I have discovered that WatchGuard does not support PFS. If IPsec is a protocol, is there a standard?
Any comments would be much appreciated ...