Configuring A Site-To-Site IPsec VPN in Firewall Tunnel
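| Tunnel Settings | Location 1 | Location 2 |
|---|---|---|
| Local Networks | 10.10.10.0/24 | 10.10.20.0/24 |
| Tunnel initiation | Active | Passive |
| Local Address | 212.86.0.253 | 213.47.0.253 |
| Encryption | AES256 | AES256 |
| Hash | MD5 | MD5 |
| DH Group | Group 1 | Group 1 |
| Lifetime Phase 1 | 28800 | 28800 |
| Lifetime Phase 2 | 3600 | 3600 |
| Authentication | Shared Passphrase | Shared Passphrase |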
In this article:
Step 1. Create the IPsec Tunnel on the Barracuda Firewall at Location 1
Step 2. Create the IPsec Tunnel on the Barracuda Firewall at Location 2
Step 3. Configure the Firewall Rule for VPN Traffic
Step 4. Verify the Order of the Firewall Rules
Step 5. Verify Successful VPN Tunnel Initiation and Traffic Flow
Step 1. Create the IPsec Tunnel on the Barracuda Firewall at Location 1

| Setting | Value |
|---|---|
| Encryption | Select AES256. |
| Hash | Select MD5. |
| DH Group | Select Group 1. |
| Lifetime Phase 1 | Enter 28800. |
| Lifetime Phase 2 | Enter 3600. |

| Setting | Value |
|---|---|
| Local End | Select Active. |
| Local Address | Select one of the available IP addresses. If you have dynamic ISPs configured, select Dynamic. |
| Local Networks | Enter 10.10.10.0/24. The network address for the locally configured LAN. |
| Remote Address | Enter 213.47.0.253. The WAN IP address of location 2. |
| Remote Networks | Enter 10.10.20.0/24. The remote LAN. |

| Setting | Value |
|---|---|
| Authentication | |
| Passphrase | |

8. Click Add.
Step 2. Create the IPsec Tunnel on the Barracuda Firewall at Location 2

| Setting | Value |
|---|---|
| Encryption | Select AES256. |
| Hash | Select MD5. |
| DH Group | Select Group 1. |
| Lifetime Phase 1 | Enter 28800. |
| Lifetime Phase 2 | Enter 3600. |

| Setting | Value |
|---|---|
| Local End | Select Passive. |
| Local Address | Select one of the available IP addresses. If you have dynamic ISPs configured, select Dynamic. |
| Local Networks | Enter 10.20.10.0/24. The network address for the locally configured LAN. |
| Remote Address | Enter 213.47.0.253. The WAN IP address of location 1. |
| Remote Networks | Enter 10.10.10.0/24. The remote LAN. |

| Setting | Value |
|---|---|
| Authentication | |
| Passphrase | |

8. Click Add.
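A consistency check for the two tunnel definitions in Steps 1 and 2, as an added example that is not part of the original article or of Barracuda's software: each side's remote end is compared against the peer's local end, and MD5 and DH Group 1 are flagged as weak. The dictionary field names are hypothetical; Location 2 uses the values as entered in Step 2, and both local addresses are taken from the settings table.

```python
import ipaddress

# Hash and DH choices that are no longer considered adequate for IPsec.
WEAK = {"hash": {"MD5"}, "dh_group": {"Group 1"}}

def nets(values):
    """Normalise a list of CIDR strings for comparison."""
    return {ipaddress.ip_network(v) for v in values}

def check_pair(a, b):
    """Return findings for two peer tunnel definitions given as dicts."""
    findings = []
    for side, peer in ((a, b), (b, a)):
        # Each side's remote end must be the peer's local end.
        if ipaddress.ip_address(side["remote_address"]) != ipaddress.ip_address(peer["local_address"]):
            findings.append(f"{side['name']}: remote address is not the peer's local address")
        if nets(side["remote_networks"]) != nets(peer["local_networks"]):
            findings.append(f"{side['name']}: remote networks do not match the peer's local networks")
    # Proposal values and lifetimes are entered separately on each firewall.
    for key in ("encryption", "hash", "dh_group", "lifetime_p1", "lifetime_p2"):
        if a[key] != b[key]:
            findings.append(f"{key} differs between the peers")
    if a["initiation"] == b["initiation"] == "Passive":
        findings.append("both ends are Passive, so neither initiates the tunnel")
    for key, weak in WEAK.items():
        if a[key] in weak or b[key] in weak:
            findings.append(f"weak {key} in use")
    return findings

# Constructed input: proposal values and local addresses from the settings
# table, the remaining fields as entered in Step 1 and Step 2.
COMMON = {"encryption": "AES256", "hash": "MD5", "dh_group": "Group 1",
          "lifetime_p1": 28800, "lifetime_p2": 3600}
LOCATION_1 = {**COMMON, "name": "Location 1", "initiation": "Active",
              "local_address": "212.86.0.253", "local_networks": ["10.10.10.0/24"],
              "remote_address": "213.47.0.253", "remote_networks": ["10.10.20.0/24"]}
LOCATION_2 = {**COMMON, "name": "Location 2", "initiation": "Passive",
              "local_address": "213.47.0.253", "local_networks": ["10.20.10.0/24"],
              "remote_address": "213.47.0.253", "remote_networks": ["10.10.10.0/24"]}

if __name__ == "__main__":
    for finding in check_pair(LOCATION_1, LOCATION_2):
        print(finding)
```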
Step 3. Configure the Firewall Rule for VPN Traffic

To allow network traffic between both networks, create a firewall rule. You must create the same rule on both Barracuda Firewalls.

This example configures a firewall rule to allow traffic between the 10.0.10.0/24 and 10.0.20.0/24 networks.

1. Log in to the Barracuda Firewall at Location 1.
2. Go to the FIREWALL > Firewall Rules page.
3. Add a firewall rule with the following settings:

| Setting | Value |
|---|---|
| Action | Allow |
| Connection | No SNAT |
| Bi-directional | |
| Service | Any |
| Source | 10.0.10.0/24 |
| Destination | 10.0.20.0/24 |

With the Any service object, all types of network traffic are allowed between the remote and local network. For VPN tunnels, you must select the No SNAT connection object.

4. At the top of the Add Access Rule window, click Add.
5. Log in to the Barracuda Firewall at Location 2 and repeat steps 2 to 4.