
    watchguard

    ahude New Member

      Trying to set up a WatchGuard-to-3120 site-to-site VPN.  The VPN and all four tunnels show as up, but no traffic passes from any network on the 3120 to any network on the WatchGuard M370.  I also noticed I can't access my 3120 via the web GUI, which has never been an issue before.  Does a 3120 use IKEv1 or IKEv2?

      !

      !

      ! ADTRAN OS version R12.3.4.E

      ! Boot ROM version 17.01.01.B2

      ! Platform: NetVanta 3120, part number 1700601G2

      ! Serial number LBADTN1519AM251

      !

      !

      ! Device name and the privileged-mode (enable) passwords.
      hostname "NetVanta3120"

      ! NOTE(review): both enable passwords are shown in clear text, and the same string
      ! is reused in this listing for the "admin" user, the telnet line password and the
      ! IKE pre-shared key. A value published like this should be considered disclosed:
      ! rotate it everywhere and give each of the four uses its own distinct secret.
      enable password level 2 Inn6517pri!

      enable password Inn6517pri!

      !

      !

      ! Global IP settings: routing is enabled and two public resolvers are configured.
      ip subnet-zero

      ip classless

      ! NOTE(review): presumably "ip default-gateway" is only consulted when routing is
      ! off; with "ip routing" set, the static default route to the same next hop later
      ! in this listing is what actually forwards traffic -- confirm.
      ip default-gateway 50.76.236.102

      ip routing

      ! domain-proxy presumably lets the unit answer DNS queries on behalf of clients,
      ! forwarding them to the name-servers below -- confirm.
      domain-proxy

      name-server 75.75.75.75 75.75.76.76

      !

      !

      ! Provisioning, logging and local-account settings.
      no auto-config

      !

      ! NOTE(review): event history and e-mail logging are both turned off, while several
      ! ACL entries further down carry the "log" keyword. Presumably those matches are not
      ! being recorded anywhere useful; enabling local event history or a remote syslog
      ! target would also help diagnose the VPN traffic problem -- confirm.
      no event-history

      no logging email

      !

      ! NOTE(review): with password encryption disabled, every password and key in this
      ! configuration is stored and displayed in clear text, which is why they are
      ! readable in this listing.
      no service password-encryption

      !

      ! Single local account; the ssh lines authenticate against this user list.
      ! NOTE(review): clear-text password, identical to the enable password above.
      username "admin" password "Inn6517pri!"

      !

      !

      ! Turns the firewall on; the policy-class and access-list sections below only take
      ! effect because of this line.
      ip firewall

      ! The application-layer gateways for MSN, MS Zone and H.323 are disabled.
      no ip firewall alg msn

      no ip firewall alg mszone

      no ip firewall alg h323

      !

      !

      !

      !

      !

      !

      !

      ! Presumably disables the unit's wireless access-point controller function -- confirm.
      no dot11ap access-point-control

      !

      !

      !

      !

      !

      ! DHCP server: addresses .1-.20 and .245-.254 are held back on both VLAN subnets.
      ip dhcp excluded-address 192.168.11.1 192.168.11.20

      ip dhcp excluded-address 192.168.11.245 192.168.11.254

      ip dhcp excluded-address 192.168.12.1 192.168.12.20

      ip dhcp excluded-address 192.168.12.245 192.168.12.254

      !

      ! NOTE(review): no interface in this listing has an address in 10.10.10.0/24, so
      ! this pool looks like a leftover default -- confirm and remove if unused.
      ip dhcp pool "Private"

        network 10.10.10.0 255.255.255.0

        dns-server 10.10.10.1

        netbios-node-type h-node

        default-router 10.10.10.1

      !

      ! Pool for VLAN 1; the default router is the vlan 1 interface address.
      ip dhcp pool "Vlan 1 192.168.11.0/24"

        network 192.168.11.0 255.255.255.0

        dns-server 75.75.75.75 75.75.76.76

        default-router 192.168.11.254

        ! NOTE(review): this hands clients an external, NTP-looking hostname as their
        ! TFTP server, and the name is spelled differently from the "sntp server
        ! us.pool.ntp.org" line at the end of the listing. It looks like a mistake;
        ! phones that honour it would try to fetch files from whatever that name
        ! resolves to. Point it at the intended provisioning host or remove it.
        tftp-server us.ntp.pool.org

        ! Vendor option 43 for Mitel IP phones: TFTP, call server and IPA server are all
        ! 192.168.2.2 and the voice VLAN is 2. 192.168.2.0/24 is one of the remote subnets
        ! in the VPN selectors, so phone registration presumably depends on the tunnel.
        option 43 ascii id:ipphone.mitel.com;sw_tftp=192.168.2.2;call_srv=192.168.2.2;vlan=2;l2p=6;dscp=46;ipa_srv=192.168.2.2

      !

      ! Pool for VLAN 2; same options as the VLAN 1 pool, including the tftp-server
      ! hostname and option 43 string (the same review notes apply).
      ip dhcp pool "Vlan 2 192.168.12.0/24"

        network 192.168.12.0 255.255.255.0

        dns-server 75.75.75.75 75.75.76.76

        default-router 192.168.12.254

        tftp-server us.ntp.pool.org

        option 43 ascii id:ipphone.mitel.com;sw_tftp=192.168.2.2;call_srv=192.168.2.2;vlan=2;l2p=6;dscp=46;ipa_srv=192.168.2.2

      !

      !

      !

      ! Site-to-site VPN: one IKE policy, one pre-shared-key peer entry, one IPsec
      ! transform set and one crypto map, all for peer 45.73.148.18.
      ip crypto

      !

      ! Phase 1 policy. "main" and "anymode" refer to the IKEv1 main/aggressive exchange
      ! types, so this policy as written negotiates IKEv1; the peer gateway has to be set
      ! to IKEv1 with the same proposal.
      crypto ike policy 100

        initiate main

        ! NOTE(review): anymode also accepts aggressive mode from the peer. With a
        ! pre-shared key, aggressive mode exposes material that allows offline guessing
        ! of the key; responding in main mode only is the tighter setting if the peer
        ! supports it.
        respond anymode

        local-id address 50.76.236.97

        peer 45.73.148.18

        ! NOTE(review): 3DES and DH group 2 (1024-bit) are below current guidance; move
        ! to AES and a larger group on both ends if the platform offers them. No hash
        ! line is shown, so the platform default applies -- confirm it matches the peer.
        attribute 1

          encryption 3des

          authentication pre-share

          group 2

      !

      ! Binds the pre-shared key to the peer and to crypto map VPN entry 10.
      ! NOTE(review): the key is in clear text and is the same string as the device
      ! passwords in this listing. Replace it with a long random value used only for
      ! this tunnel, and change it on the peer at the same time.
      crypto ike remote-id address 45.73.148.18 preshared-key Inn6517pri! ike-policy 100 crypto map VPN 10 no-mode-config no-xauth

      !

      ! Phase 2 proposal: ESP with AES-256-CBC and HMAC-SHA1, tunnel mode.
      ip crypto ipsec transform-set esp-aes-256-cbc-esp-sha1-hmac esp-aes-256-cbc esp-sha1-hmac

        mode tunnel

      !

      ! Crypto map entry 10: traffic matching the VPN-10-vpn-selectors ACL is protected
      ! toward 45.73.148.18. No PFS or lifetime line is shown here, so defaults apply;
      ! these must agree with the peer -- confirm.
      ip crypto map VPN 10 ipsec-ike

        description 8251 to 6517

        match address ip VPN-10-vpn-selectors

        set peer 45.73.148.18

        set transform-set esp-aes-256-cbc-esp-sha1-hmac

        ike-policy 100

      !

      !

      !

      !

      ! Layer-2 VLAN definitions; each has a matching routed "interface vlan" below.
      vlan 1

        name "Default"

      !

      vlan 2

        name "Vlan 2 192.168.12.0"

      !

      !

      ! WAN interface: public /29 address, firewall policy-class "Public", and the VPN
      ! crypto map applied. This address is also the IKE local-id.
      interface eth 0/1

        description gig coax

        ip address  50.76.236.97  255.255.255.248

        ip access-policy Public

        ip crypto map VPN

        no shutdown

        ! LLDP is turned off on the WAN side, so the unit does not announce itself there.
        no lldp send-and-receive

      !

      !

      ! The four LAN switch ports; all enabled, none given an explicit VLAN in this listing.
      interface switchport 0/1

        spanning-tree edgeport

        no shutdown

      !

      interface switchport 0/2

        no shutdown

      !

      interface switchport 0/3

        no shutdown

      !

      interface switchport 0/4

        description 8251 vlan 1

        no shutdown

      !

      !

      !

      ! Routed LAN interfaces. Both are in firewall policy-class "Private", and their
      ! addresses are the default routers handed out by the two VLAN DHCP pools.
      interface vlan 1

        description Vlan 1

        ip address  192.168.11.254  255.255.255.0

        ip access-policy Private

        no shutdown

      !

      interface vlan 2

        description Vlan 2

        ip address  192.168.12.254  255.255.255.0

        ip mtu 1500

        ip access-policy Private

        no awcp

        no shutdown

      !

      !

      !

      ! Matches every source address; used by the NAT entries in policy-class Private.
      ip access-list standard wizard-ics

        remark Internet Connection Sharing

        permit any

      !

      !

      ! Used by policy-class Private for traffic addressed to the unit itself.
      ip access-list extended self

        remark Traffic to NetVanta

        ! NOTE(review): this first entry matches all IP traffic, so the four subnet-pair
        ! entries after it can presumably never be the matching entry. It also means the
        ! Private side may reach every management service on the unit, including telnet
        ! and plain HTTP. If management should be limited, replace it with explicit
        ! permits for the needed services.
        permit ip any  any     log

        permit ip 192.168.11.0 0.0.0.255  192.168.1.0 0.0.0.255

        permit ip 192.168.12.0 0.0.0.255  192.168.1.0 0.0.0.255

        permit ip 192.168.11.0 0.0.0.255  192.168.2.0 0.0.0.255

        permit ip 192.168.12.0 0.0.0.255  192.168.2.0 0.0.0.255

      !

      ! Traffic selectors for crypto map VPN entry 10: four local-to-remote subnet pairs
      ! (192.168.11.0/24 and 192.168.12.0/24 toward 192.168.1.0/24 and 192.168.2.0/24),
      ! which lines up with the four tunnels mentioned in the post. The peer presumably
      ! needs the exact mirror image of these pairs for traffic to pass -- confirm there.
      ip access-list extended VPN-10-vpn-selectors

        permit ip 192.168.11.0 0.0.0.255  192.168.1.0 0.0.0.255

        permit ip 192.168.12.0 0.0.0.255  192.168.2.0 0.0.0.255

        permit ip 192.168.12.0 0.0.0.255  192.168.1.0 0.0.0.255

        permit ip 192.168.11.0 0.0.0.255  192.168.2.0 0.0.0.255

      !

      ! web-acl-3 and web-acl-4 are identical: HTTPS, SSH and ICMP echo from any source
      ! to any destination. Both are applied to the unit itself in policy-class Public.
      ! NOTE(review): that leaves the management GUI and SSH reachable from any Internet
      ! address. Restrict the source to known administrative addresses, or manage the
      ! unit only from the LAN or through the VPN.
      ip access-list extended web-acl-3

        remark Admin Access

        permit tcp any  any eq https   log

        permit tcp any  any eq ssh   log

        permit icmp any  any  echo   log

      !

      ip access-list extended web-acl-4

        remark remote access

        permit tcp any  any eq https   log

        permit tcp any  any eq ssh   log

        permit icmp any  any  echo   log

      !

      ! Matches all IP traffic; referenced by the last entry of policy-class Private.
      ip access-list extended web-acl-6

        permit ip any  any

      !

      !

      !

      ! Firewall policy for traffic arriving on the LAN side (vlan 1 and vlan 2).
      ! Entries are presumably evaluated top-down, first match wins -- confirm.
      ip policy-class Private

        ! VPN-bound traffic is allowed first, so it is not caught by the NAT entry below.
        allow list VPN-10-vpn-selectors stateless

        ! Traffic addressed to the unit itself; the "self" ACL permits everything.
        allow list self self

        ! Everything else is source-NATed to the eth 0/1 address.
        nat source list wizard-ics interface eth 0/1 overload

        ! NOTE(review): the entries from here down repeat earlier ones or follow a NAT
        ! entry whose list matches any source, so they appear unreachable. Two of them
        ! name ACLs (VPN-20-vpn-selectors1, VPN-10-vpn-selectors2) that are not defined
        ! anywhere in this listing. They look like residue from repeated wizard runs;
        ! cleaning them out makes the effective policy easier to audit.
        allow list self self

        nat source list wizard-ics interface eth 0/1 overload

        allow list VPN-20-vpn-selectors1 stateless

        allow list VPN-10-vpn-selectors2 stateless

        allow list self self

        allow list web-acl-6 policy Private

      !

      ! Firewall policy for traffic arriving on the WAN interface (eth 0/1).
      ip policy-class Public

        ! Return direction of the VPN selectors: remote subnets toward the local VLANs.
        allow reverse list VPN-10-vpn-selectors stateless

        ! NOTE(review): HTTPS, SSH and ping to the unit are allowed from any source
        ! (web-acl-4, listed twice, and the identical web-acl-3 below). See the ACL
        ! definitions; narrowing their source addresses is the main hardening step here.
        allow list web-acl-4 self

        allow list web-acl-4 self

        ! NOTE(review): these two entries reference ACLs that are not defined in this
        ! listing (VPN-20-vpn-selectors1, VPN-10-vpn-selectors2) -- likely leftovers.
        allow reverse list VPN-20-vpn-selectors1 stateless

        allow reverse list VPN-10-vpn-selectors2 stateless

        allow list web-acl-3 self

      !

      !

      ! Default route toward the ISP gateway on the eth 0/1 subnet.
      ip route 0.0.0.0 0.0.0.0 50.76.236.102

      !

      ! Management and file services. TFTP, SNMP, FTP, SCP and SNTP servers are off.
      no tftp server

      no tftp server overwrite

      ! NOTE(review): the plain-HTTP server is enabled alongside HTTPS. The Public ACLs
      ! in this listing only permit HTTPS, but the Private "self" ACL permits everything,
      ! so GUI logins over HTTP from the LAN would cross the wire unencrypted. Disabling
      ! "http server" and keeping only the secure server avoids that.
      http server

      http secure-server

      no snmp agent

      no ip ftp server

      ip ftp server default-filesystem flash

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ! SIP port settings: 5060 for both UDP and TCP.
      sip udp 5060

      sip tcp 5060

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      ! Console, telnet and SSH terminal lines, followed by the time source.
      ! No line password is shown under the console -- confirm how console login is
      ! authenticated.
      line con 0

        login

      !

      ! NOTE(review): telnet is enabled on five lines with a shared clear-text line
      ! password (the same string as the enable password). Telnet carries the login and
      ! the whole session unencrypted. The Public ACLs in this listing do not permit it,
      ! but the Private "self" ACL does. Since SSH is already configured below, shutting
      ! the telnet lines down removes the exposure.
      line telnet 0 4

        login

        password Inn6517pri!

        no shutdown

      ! SSH sessions authenticate against the local user list (the "admin" account).
      line ssh 0 4

        login local-userlist

      !

      ! Time source for the unit. Note the spelling differs from the tftp-server
      ! hostname used in the DHCP pools.
      sntp server us.pool.ntp.org

      !

      !

      !

      !

      !

      !