Saturday, 9 July 2011

WatchGuard VPN using a Public Dynamic IP

So you have a small office with maybe only one to five users. You want to connect this office to the corporate VPN, but you don't want to (or can't) pay the extra cost of public static IP addresses for your router and firewall (in my case a WatchGuard XTM 2 Series).

Note that one of the main reasons for having multiple IPs in a situation like this is connection reliability and a slight increase in security, e.g. the internet-facing router has a public static IP and the firewall has its own public static IP as well.

The solution for this is helped by a well-known website (others are available). You register an account and add the account details to the WatchGuard in the DynDNS section. From this point on you will be able to contact the device using the domain name you set up, even when the ISP changes your public IP address (the WatchGuard will send the update to DynDNS).

The WAN/internet port on the WatchGuard firewall will need to be configured with an IP address on the same subnet as a LAN port of the router.
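The same-subnet requirement above can be checked before the address is typed into the firewall. This is an added example, not part of the original post: the function name `check_wan_addressing` is hypothetical and the addresses are constructed private-range samples.

```python
import ipaddress


def check_wan_addressing(router_lan, firewall_wan):
    """Return a list of problems with the firewall's planned WAN address.

    router_lan   -- router LAN port as 'address/prefix', e.g. '192.168.1.1/24'
    firewall_wan -- address planned for the firewall's WAN/internet port
    An empty list means the address is usable on the router's LAN subnet.
    """
    router = ipaddress.ip_interface(router_lan)
    wan = ipaddress.ip_address(firewall_wan)
    net = router.network
    problems = []

    # The firewall can only reach the router if both sit on one subnet.
    if wan not in net:
        problems.append(f"{wan} is outside the router LAN subnet {net}")
        return problems

    # Reusing the router's own address causes an IP conflict on the link.
    if wan == router.ip:
        problems.append(f"{wan} is already used by the router LAN port")

    # Network and broadcast addresses are not valid host addresses
    # (skipped for /31 and /32, which have no such reserved addresses).
    if net.prefixlen < net.max_prefixlen - 1:
        if wan == net.network_address:
            problems.append(f"{wan} is the network address of {net}")
        elif wan == net.broadcast_address:
            problems.append(f"{wan} is the broadcast address of {net}")

    return problems


if __name__ == "__main__":
    # Constructed sample plan: router LAN port 192.168.1.1/24.
    for candidate in ("192.168.1.2", "192.168.2.2", "192.168.1.1", "192.168.1.255"):
        issues = check_wan_addressing("192.168.1.1/24", candidate)
        print(candidate, "->", issues or "OK")
```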

A switch can then be connected to a trusted port on the firewall. Devices such as computers and laptops connect to the switch for their networking needs.

All other ports on the router and firewall should be disabled for security purposes.