User's guide

The VPN server that runs on the Barracuda Firewall must listen on the appropriate IP address for its peer. Depending on whether the Barracuda
Firewall is connected to the Internet through an ISP that statically or dynamically assigns the WAN IP address, complete the steps in the
following Static WAN IP Address or Dynamic WAN IP Address section.
Static WAN IP Address
If the Barracuda Firewall is connected to the Internet through an ISP that statically assigns the WAN IP address:
1. Go to the NETWORK > IP Configuration page.
2. In the Static Interface Configuration section, verify that the VPN Server check box is selected for the interface or for any Secondary IP
Address of the management IP address.
Dynamic WAN IP Address
If your Barracuda Firewall is connected to the Internet through an ISP that dynamically assigns the WAN IP address, see How to Allow VPN
Access via a Dynamic WAN IP Address.
Step 3. Create the Firewall Rule for VPN Traffic
Create a firewall rule to allow network traffic between the two networks. If the tunnel is to be established between two Barracuda Firewalls, create
the same rule on both appliances.
1. Go to the FIREWALL > Firewall Rules page.
2. Add a firewall rule with the following settings:

| Action | Connection | Bi-directional | Service | Source | Destination |
|---|---|---|---|---|---|
| Allow | No SNAT (the original source IP address is used) | Select the Bi-directional check box. | Any | The LAN 1 address. | The LAN 2 address. |

3. At the top of the Add Access Rule window, click Add.
Step 4. Verify the Order of the Firewall Rules
New rules are created at the bottom of the firewall rule set. Because rules are processed from top to bottom in the rule set, ensure that you
arrange your rules in the correct order. In particular, ensure that your rules are placed above the BLOCKALL rule; otherwise, the traffic they
are meant to allow is blocked. If you are configuring a tunnel between two Barracuda Firewalls, verify the order of the firewall rules in the rule sets for both appliances.
After adjusting the order of rules in the rule set, click Save Changes.
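
The ordering requirement above, shown as an added example (not Barracuda's rule engine and not code from this guide): a small Python model of first-match, top-to-bottom evaluation, in which a bi-directional allow rule placed below BLOCKALL never takes effect. The rule name LAN1-LAN2-VPN, the two networks, and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    action: str              # "allow" or "block"
    source: str              # CIDR
    destination: str         # CIDR
    bidirectional: bool = False

    def matches(self, src: str, dst: str) -> bool:
        s, d = ip_address(src), ip_address(dst)
        fwd = s in ip_network(self.source) and d in ip_network(self.destination)
        rev = s in ip_network(self.destination) and d in ip_network(self.source)
        # A bi-directional rule also matches the reverse direction.
        return fwd or (self.bidirectional and rev)


def decide(ruleset, src, dst):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for rule in ruleset:
        if rule.matches(src, dst):
            return rule.action, rule.name
    return "block", "(no match)"


def shadowed_rules(ruleset, catch_all="BLOCKALL"):
    """Names of rules listed below the catch-all block rule; they never match."""
    names = [r.name for r in ruleset]
    return names[names.index(catch_all) + 1:] if catch_all in names else []


# Constructed sample networks standing in for LAN 1 and LAN 2.
LAN1, LAN2 = "10.0.1.0/24", "10.0.2.0/24"
VPN = Rule("LAN1-LAN2-VPN", "allow", LAN1, LAN2, bidirectional=True)
BLOCKALL = Rule("BLOCKALL", "block", "0.0.0.0/0", "0.0.0.0/0")

as_created = [BLOCKALL, VPN]   # new rule appended at the bottom of the rule set
reordered = [VPN, BLOCKALL]    # rule moved above BLOCKALL

if __name__ == "__main__":
    for label, rs in (("as created", as_created), ("reordered", reordered)):
        print(label, decide(rs, "10.0.1.10", "10.0.2.20"),
              decide(rs, "10.0.2.20", "10.0.1.10"), shadowed_rules(rs))
```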
Step 5. Verify Successful VPN Tunnel Initiation and Traffic Flow
To verify that the VPN tunnel was initiated successfully and traffic is flowing, go to the VPN > Site-to-Site Tunnels page. Verify that green check
marks are displayed in the Status column of the VPN tunnel.
Use ping to verify that network traffic is passing through the VPN tunnel. Open the console of your operating system and ping a host within the remote
network. If no host is available, you can ping the management IP address of the remote Barracuda Firewall. Go to the NETWORK > IP
Configuration page and ensure that Services to Allow: Ping is enabled for the management IP address of the remote firewall.
If network traffic is not passing through the VPN tunnel, go to the BASIC > Recent Connections page and ensure that network traffic is not blocked by
any other firewall rule.
Example - Configuring a Site-to-Site IPsec VPN Tunnel
This article provides an example of how to configure an IPsec VPN tunnel between two Barracuda Firewalls with shared passphrase authentication.
The example uses the following networks and default VPN tunnel settings: