Configuring an IPsec site-to-site VPN tunnel between a WatchGuard appliance and a pfSense firewall is not difficult. In this post I'll show all the configuration items needed to get the IPsec VPN up and working.
WatchGuard
Gateway
Gateway Name: <Descriptive name>
Use Pre-Shared Key: <Strong Password>
Gateway Endpoint
Local Gateway
By IP Address: <WatchGuard public IP address>
Remote Gateway
Static IP Address: <pfSense public IP address>
Gateway ID for tunnel authentication
By IP Address: <pfSense public IP address>
Phase 1 Settings
Mode: Main
Authentication: SHA1
Encryption: 3DES
SA Life: 8 hours
Key Groups: Diffie-Hellman Group 2
Tunnel
Gateway: <Select the related Gateway>
Addresses
Local: <WatchGuard LAN Network >
Remote: <pfSense LAN Network >
Direction: <==>
Phase 2 Settings
Select ESP-AES-SHA1
Perfect Forward Secrecy: False
pfSense
Note: pfSense is behind a NAT; its external IP is fixed and public.
IPsec Tunnels – Phase 1
Key Exchange version: V1
Internet Protocol: IPv4
Interface: WAN
Remote Gateway: <WatchGuard public ip address>
Authentication Method: Mutual PSK
Negotiation mode: Main
My identifier: IP Address – <pfSense public IP address>
Peer identifier: IP Address – <WatchGuard public IP address>
Pre-Shared Key: <Strong Password>
Encryption Algorithm: 3DES
Hash Algorithm: SHA1
DH Group: 2(1024)
Lifetime (Seconds): 28800
Disable rekey: False
Responder Only: False
NAT Traversal: Force
Dead Peer Detection: True
Delay: 1
Max failures: 3
Phase 2 Entries
Mode: Tunnel IPv4
Local Network: <pfSense LAN Network >
NAT/BINAT translation: None
Remote Network: <WatchGuard LAN Network >
Phase 2 Proposal (SA/Key Exchange)
Protocol: ESP
Encryption Algorithms: AES – Auto
Hash Algorithms: SHA1
PFS key group: Off
Lifetime: 3600
Automatically ping host: <Blank>
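The tunnel only comes up if both peers propose the same Phase 1 and Phase 2 parameters, and the two vendors express the same setting differently (WatchGuard "8 hours" versus pfSense "28800", "Diffie-Hellman Group 2" versus "2(1024)", one combined ESP-AES-SHA1 proposal versus three separate fields). The script below is an added example, not part of the post or of either vendor's tooling: it transcribes both sides from the post above into dictionaries, normalises the vendor-specific spellings, reports any parameter on which the peers disagree, and separately lists the settings that negotiate fine but are legacy by current guidance (3DES, SHA1, DH group 2, PFS off). Function names and the reference values such as MIN_DH_GROUP are assumptions of this example; the WatchGuard Phase 2 lifetime is not given in the post, so it is not compared.

```python
"""Cross-check the WatchGuard and pfSense IPsec settings transcribed from the post.

Added example: values below are copied from the post; helper names are invented here.
"""
import re

# Transcribed from the WatchGuard side of the post.
WATCHGUARD = {
    "phase1": {"mode": "Main", "auth": "SHA1", "encryption": "3DES",
               "sa_life": "8 hours", "dh_group": "Diffie-Hellman Group 2"},
    "phase2": {"proposal": "ESP-AES-SHA1", "pfs": "False"},
}

# Transcribed from the pfSense side of the post ("AES – Auto" offers every AES key length).
PFSENSE = {
    "phase1": {"mode": "Main", "auth": "SHA1", "encryption": "3DES",
               "sa_life": "28800", "dh_group": "2(1024)"},
    "phase2": {"protocol": "ESP", "encryption": "AES", "auth": "SHA1", "pfs": "Off"},
}


def lifetime_seconds(value):
    """Normalise '8 hours', '60 minutes' or a bare '28800' to an integer number of seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*(hours?|minutes?|seconds?)?\s*", value, re.I)
    if not m:
        raise ValueError(f"unparseable lifetime: {value!r}")
    count, unit = int(m.group(1)), (m.group(2) or "seconds").lower()
    return count * {"h": 3600, "m": 60, "s": 1}[unit[0]]


def dh_group_number(value):
    """Extract the group number from 'Diffie-Hellman Group 2' or '2(1024)'."""
    m = re.search(r"\d+", value)
    if not m:
        raise ValueError(f"no DH group number in {value!r}")
    return int(m.group(0))


def pfs_enabled(value):
    """WatchGuard says 'False', pfSense says 'Off'; both mean no PFS."""
    return str(value).strip().lower() not in {"false", "off", "none", "no", "0"}


def normalise(cfg):
    """Map either vendor's spelling onto one comparable representation."""
    p1, p2 = cfg["phase1"], cfg["phase2"]
    if "proposal" in p2:  # WatchGuard: one combined ESP-<enc>-<auth> string
        protocol, enc, auth = p2["proposal"].split("-")
    else:                 # pfSense: separate fields
        protocol, enc, auth = p2["protocol"], p2["encryption"], p2["auth"]
    return {
        "phase1": {"mode": p1["mode"].lower(), "auth": p1["auth"].upper(),
                   "encryption": p1["encryption"].upper(),
                   "sa_life": lifetime_seconds(p1["sa_life"]),
                   "dh_group": dh_group_number(p1["dh_group"])},
        "phase2": {"protocol": protocol.upper(), "encryption": enc.upper(),
                   "auth": auth.upper(), "pfs": pfs_enabled(p2["pfs"])},
    }


def find_mismatches(a, b):
    """Return 'phase.key' names on which the peers disagree; any hit makes IKE fail."""
    na, nb = normalise(a), normalise(b)
    return [f"{phase}.{key}" for phase in na for key in na[phase]
            if na[phase][key] != nb[phase][key]]


# Reference values assumed by this example, not taken from the post.
LEGACY_ENCRYPTION = {"DES", "3DES"}
LEGACY_HASH = {"MD5", "SHA1"}
MIN_DH_GROUP = 14  # 2048-bit MODP; groups 1, 2 and 5 are below current recommendations


def weak_settings(cfg):
    """List settings that will negotiate but are legacy choices worth replacing."""
    n = normalise(cfg)
    findings = []
    if n["phase1"]["encryption"] in LEGACY_ENCRYPTION:
        findings.append(f"phase1 encryption {n['phase1']['encryption']} is legacy; prefer AES")
    if n["phase1"]["auth"] in LEGACY_HASH:
        findings.append(f"phase1 hash {n['phase1']['auth']} is legacy; prefer SHA256")
    if n["phase1"]["dh_group"] < MIN_DH_GROUP:
        findings.append(f"DH group {n['phase1']['dh_group']} is below group {MIN_DH_GROUP}")
    if n["phase2"]["auth"] in LEGACY_HASH:
        findings.append(f"phase2 hash {n['phase2']['auth']} is legacy; prefer SHA256")
    if not n["phase2"]["pfs"]:
        findings.append("PFS off: a recovered phase1 key exposes every phase2 key derived from it")
    return findings


if __name__ == "__main__":
    print("mismatches:", find_mismatches(WATCHGUARD, PFSENSE) or "none")
    for line in weak_settings(PFSENSE):
        print("weak:", line)
```

Run as-is it reports no mismatches for the settings in the post, which is why the tunnel negotiates; the legacy findings are what to revisit when both appliances support AES-256, SHA-256, DH group 14 or higher, and PFS on Phase 2.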