
How To Establish VPN Tunnel between Cyberoam and Firebox (WatchGuard) using Preshared key

Applicable to Version: 9.4.0 build 2 onwards


This article gives a detailed configuration example showing how to configure a net-to-net IPSec VPN tunnel between a Cyberoam and a WatchGuard appliance, using a preshared key to authenticate the VPN peers.
It is assumed that the reader has a working knowledge of Cyberoam and WatchGuard appliance configuration.
Information to be gathered about both peers before configuration:
1. Connection details - Encryption algorithm, Authentication Algorithm and DH/PFS Group
2. Server IP addresses
3. Internal Network Subnet
4. Local and Remote ID

Cyberoam Configuration
Step 1: Create IPSec connection
Go to VPN > IPSec Connection > Create Connection and create a connection with the following values:
Connection name: cr_2_wg
Policy: Default Policy
Action on restart: As required
Mode: Tunnel
Connection Type: Net to Net
Authentication Type: Preshared key
Preshared key: Specify the preshared key. Forward this key to the remote peer (WatchGuard), as the same preshared key must be used by both peers.
Local server IP address (WAN IP address): 192.168.15.204
Local Internal Network: 8.8.8.0/24
Local ID: 1.1.1.2 (Specify this IP address as ID Type in Remote Gateway Settings in WatchGuard)
Remote server IP address (WAN IP address): 192.168.1.194
Remote Internal Network: 112.12.1.0/24
Remote ID: 192.168.1.194
User Authentication Mode: As required
Protocol: As required
Step 2. Activate Connection and establish Tunnel
Go to VPN > IPSec Connection > Manage Connection
To activate the connection, click [icon] under Connection Status against the cr_2_wg connection.
[icon] under Connection Status indicates that the connection is successfully activated.

Note
Only one connection can be active at a time if both types of connection, Digital Certificate and Preshared Key, are created with the same source and destination. In that situation you will receive an "unable to activate connection" error at the time of activation, so you need to deactivate all other connections first.

WatchGuard Configuration
Step 3. Configure Gateway from Policy Manager
Go to VPN > Branch Office Gateways > Add and create a Gateway with the following values:
Gateway name: wg_2_cr
Remote Gateway Settings
Gateway IP: 192.168.15.204 (Cyberoam WAN IP address)
ID Type: IP Address: 1.1.1.2 (Specified as Local ID Type in IPSec Connection in Cyberoam)
Local Gateway Settings
ID Type: IP Address: 192.168.1.194 (Select the IP address from the adjacent drop-down list. All
configured Firebox interface IP addresses are shown)
Credential Method
Pre-Shared Key: As specified in IPSec Connection in Cyberoam
Phase1 Settings
Authentication: MD5
Encryption: 3DES
Mode: Main
Phase1 Advanced Settings
Key Group: Diffie-Hellman Group2
Step 4. Configure Tunnel from Policy Manager
Go to VPN > Branch Office Tunnels > Add and add a tunnel with the following values:
Tunnel name: cr_tunnel
Gateway: wg_2_cr (as created in step 1)
Phase2 Settings
Proposals: ESP-3DES-MD5
PFS: Enable, Diffie-Hellman Group2

Addresses
Local address: Network IP: 112.12.1.0/24 (WatchGuard Network)
Remote Address: Network IP: 8.8.8.0/24 (Specified as Local Internal Network IP in Cyberoam IPSec connection)
Step 5. Save configuration
Go to File > Save > To Firebox
Step 6. Establish Connection from Cyberoam
Go to VPN > IPSec Connection > Manage Connection
To establish the connection/tunnel, click [icon] under Connection Status against the cr_2_wg connection.
[icon] under Connection Status indicates that the connection/tunnel is successfully established.
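
The values entered in Step 1 must mirror those entered in Steps 3 and 4 (local ID against remote ID, local network against remote network, identical preshared key). The Python check below is an added example, not part of the original article or of either vendor's tooling; the dictionary key names, the PSK string and the LEGACY set are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Settings generally treated as legacy today (editor's assumption, not from the article).
LEGACY = {"auth": {"MD5"}, "enc": {"DES", "3DES"}, "dh": {"1", "2"}}
# Each local field must equal the named field on the other peer.
MIRROR = [("wan_ip", "peer_ip"), ("local_id", "remote_id"), ("local_net", "remote_net")]

# Values from Step 1 (Cyberoam) and Steps 3-4 (WatchGuard). The key names and the
# PSK string are constructed; Cyberoam's "Default Policy" contents are not on the page.
CYBEROAM = {
    "wan_ip": "192.168.15.204", "peer_ip": "192.168.1.194",
    "local_id": "1.1.1.2", "remote_id": "192.168.1.194",
    "local_net": "8.8.8.0/24", "remote_net": "112.12.1.0/24",
    "psk": "constructed-example-psk",
}
WATCHGUARD = {
    "wan_ip": "192.168.1.194", "peer_ip": "192.168.15.204",
    "local_id": "192.168.1.194", "remote_id": "1.1.1.2",
    "local_net": "112.12.1.0/24", "remote_net": "8.8.8.0/24",
    "psk": "constructed-example-psk",
    "auth": "MD5", "enc": "3DES", "dh": "2", "pfs": "2",
}

def _norm(key, value):
    """Canonical form, so 8.8.8.0/24 and 8.8.8.0/255.255.255.0 compare equal."""
    return ip_network(value) if key.endswith("_net") else ip_address(value)

def check_peers(a, b, names=("A", "B")):
    """Return findings; no 'mismatch' entries means the two sides mirror each other."""
    findings = []
    for mine, theirs in MIRROR:
        # Compare in both directions: a's local value vs b's remote value, then b vs a.
        for x, y, nx, ny in ((a, b, *names), (b, a, *names[::-1])):
            if _norm(mine, x[mine]) != _norm(theirs, y[theirs]):
                findings.append(f"mismatch: {nx}.{mine}={x[mine]} != {ny}.{theirs}={y[theirs]}")
    if a["psk"] != b["psk"]:
        findings.append("mismatch: preshared keys differ")  # key itself is never printed
    for peer, name in zip((a, b), names):
        for field, kind in (("auth", "auth"), ("enc", "enc"), ("dh", "dh"), ("pfs", "dh")):
            if peer.get(field) in LEGACY[kind]:
                findings.append(f"legacy: {name}.{field}={peer[field]}")
    return findings

if __name__ == "__main__":
    for line in check_peers(CYBEROAM, WATCHGUARD, ("cyberoam", "watchguard")):
        print(line)
```

With the article's values the two sides mirror each other, and the only findings are the Phase 1 and Phase 2 algorithm choices on the WatchGuard side.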


Reference Documents
VPN Troubleshooting Guide

Document Version: 9402-1.0-12/12/2006
