Using ipsec_tunnel with WatchGuard Firebox System 5.0

In "Policy Manager" select Network->Branch Office VPN->Manual IPSec.

Adding a gateway

  1. Open the "Configure Gateways" dialog by clicking "Gateways...".
  2. Select "Add...".
  3. Enter a name and set key negotiation type to manual.
  4. Enter the IP address of the remote gateway (your ipsec_tunnel box).
  5. Click OK.
  6. Close the "Configure Gateways" dialog.

Adding a tunnel

  1. From the "IPSec Configuration" dialog select "Tunnels...".
  2. Select the gateway you just created.
  3. Give the tunnel a name.
  4. Switch to the "Manual Security" tab and click on "Settings...".
  5. Enter SPI (decimal).
  6. Select 3DES-CBC encryption.
  7. Enter the encryption key in hex (48 digits).
  8. Set "Authentication" to none.
  9. Make sure that "Use Incoming settings for Outgoing" is checked.
  10. Click OK.
  11. Close the "Configure Tunnels" dialog.
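
Steps 5 and 7 need a decimal SPI and a 48-digit hex key, and the same values must be configured on the ipsec_tunnel side. The following is an added example, not part of the original instructions or of ipsec_tunnel: it generates both values from the OS random source and checks a hand-typed key for the mistakes that weaken 3DES. The function names are made up for this example.

```python
import secrets
import string

# The four DES weak keys, written with odd parity.
DES_WEAK_KEYS = {bytes.fromhex(k) for k in (
    "0101010101010101", "fefefefefefefefe",
    "e0e0e0e0f1f1f1f1", "1f1f1f1f0e0e0e0e")}

def _odd_parity(block: bytes) -> bytes:
    """Set DES odd parity on every byte so keys compare on their 56 effective bits."""
    return bytes((b & 0xFE) | (bin(b & 0xFE).count("1") % 2 == 0) for b in block)

def check_3des_key(hex_key: str) -> bytes:
    """Validate a key typed as 48 hex digits; return the 24 raw bytes."""
    if len(hex_key) != 48 or any(c not in string.hexdigits for c in hex_key):
        raise ValueError("3DES key must be exactly 48 hex digits (24 bytes)")
    key = bytes.fromhex(hex_key)
    k1, k2, k3 = (_odd_parity(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        raise ValueError("adjacent subkeys are equal: 3DES collapses to single DES")
    if DES_WEAK_KEYS & {k1, k2, k3}:
        raise ValueError("a subkey is a DES weak key")
    return key

def check_spi(spi: int) -> int:
    """SPI is a 32-bit field; 0 is for local use and 1-255 are reserved (RFC 4303)."""
    if not 256 <= spi <= 0xFFFFFFFF:
        raise ValueError("SPI must be in the range 256..4294967295")
    return spi

def new_manual_sa() -> dict:
    """Draw an SPI and a 3DES key from the OS CSPRNG, retrying on a rejected key."""
    while True:
        hex_key = secrets.token_hex(24)
        try:
            check_3des_key(hex_key)
        except ValueError:
            continue
        spi = check_spi(256 + secrets.randbelow(2**32 - 256))
        return {"spi_decimal": str(spi), "key_hex": hex_key}

if __name__ == "__main__":
    sa = new_manual_sa()
    print("SPI (decimal):", sa["spi_decimal"])
    print("3DES key (hex):", sa["key_hex"])
```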

Adding routing policies

  1. From the "IPSec Configuration" dialog select "Add...".
  2. Enter the local and remote host/network you want to access through the tunnel.
  3. Set "Disposition" to secure.
  4. You can optionally select source/destination port and/or protocol (TCP/UDP).
  5. Click OK.
  6. Repeat if necessary.
  7. Close the "IPSec Configuration" dialog.