Creating VPN with SSL on a Watchguard
The following is a
high level review of how to activate and connect to a VPN with SSL on your
Watchguard. Your network configuration may vary from these default settings. This configuration is useful to have remote users connect to your
office network from home. Computers that connect in this way will behave as if
they are on the office network. This means that if your server is on the same
office network, users would connect to the server using it's local/private IP.
If your server is in a hosted environment, you could connect to the public
address of the server.
- Log into your Watchguard. You will need the following
- Private or Public IP of the Watchguard
- You can find the private IP of the Watchguard device by running cmd in windows and entering ipconfig. The default gateway address is likely the private IP address of the Watchguard
- The Public IP address will likely be the Public IP address of your office. The Watchguard has a list of addresses that can access this public gateway. If the Public IP you are connecting from is not in that list of IP addresses, Contact DAKCS to see if we can assist.
- Once you can see the gateway, You will need your Admin Credentials.
- From the dashboard, Navigate to VPN> Mobile VPN with SSL
- Check the 'Activate Mobile VPN with SSL' box
- Select the following values
- As a customer you are responsible for determining the most appropriate settings since this will have a direct effect on
how your machines traffic is monitored and routed. The settings listed below offer only 1 solution that may not meet
your needs! - Primary: Public IP of your office
- method to send traffic through the VPN tunnel: Routed VPN traffic
- click the button to 'allow access to all Trusted, Optional, and custom networks'
- Virtual IP Address Pool: You can find this from the Watchguard dashboard under NETWORK> Interfaces> the IPv4 address for the Trusted interface
- Click the DNS/WINS tab, enter the following addresses, and click add
- If you have a specific DNS you would like to use, you may. We have listed google's public DNS below.
- 8.8.8.8
- 8.8.4.4
- Click SAVE
- Add a VPN user
- From the dashboard, navigate to AUTHENTICATION> Servers> Firebox-DB
In the 'Firebox Users' section, Click Add
Fill out the form as follows.
As a customer you are responsible for determining the most appropriate settings since this will have a direct effect on
how your machines traffic is monitored and routed. The settings listed below offer only 1 solution that may not meet
your needs!
Session Timeout: 8 hours (default value)
Idle Timeout: 30 Minutes (default value)
Leave 'enable login limits for each user or group' un-selected
- Click Ok
- Click Save
- Download the VPN client onto the computer that needs to connect remotely
- From the computer that needs to connect remotely go to the following web address and login with the user account you created
- Download and install the vpn client for widows. You can add a desktop icon and launch the application at the end of the install.
- Fill out the following in the client
- Server: the Public IP address of your office
- User name: the user name you created
- Password: the password for the user you just created
- you may have the client remember your password as well.
- If it asks if you want to proceed say yes
- After a moment you should get a notification that the VPN is connected
- Repeat from section 6 as needed for additional users.
Your network configuration may vary from these default settings. The help menu in the Watchguard device is a great resource as well. DAKCS is happy to answer any questions.