Watchguard Firebox X5000 User's Guide download pdf (Page 53)

Migration Guide 49

Making a Fireware Configuration

2 Click Add.

3 In the Addresses section of the New Tunnel dialog box click Add.

4 Complete the information in the Local-Remote Pair Settings dialog box.

5 Click OK.

If the WFS routing policies configuration shows multiple policies using the same tunnel, then you

cannot migrate this configuration. In Fireware, each entry in the "Addresses" section results in a

set of SAs (a tunnel in WFS terms). Thus, the peer gateway also needs modification to accept

multiple tunnels after migrating or the VPN does not negotiate successfully.

If any normal routes listed in WFS Policy Manager Network > Routes overlap or include an IPSec

route, it may result in a tunnel that does not function. Fireware uses the normal route table to

determine at which interface a tunnel is established. Thus, if a normal route exists pointing to the

trusted interface and that route includes hosts or networks specified in the IPSec routes and that

tunnel is meant to be established on the external interface, the tunnel will fail. The normal routes

need to be broken up so that they do not include any entries in the IPSec routes or the normal

routes need to point to the proper tunnel endpoint interface.

1 2 ... 48 49 50 51 52 53 54 55 56 57 58 ... 77 78

No comments

Watchguard Firebox X5000 User's Guide Page 53