User's guide
Authentication: Select Shared Passphrase.
Passphrase: Enter the shared secret.
Click Add.
Step 3. Configure the Firewall Rule for VPN Traffic
To allow network traffic between both networks, create a firewall rule. You must create the same rule on both Barracuda Firewalls.
This example configures a firewall rule to allow traffic between the 10.0.10.0/24 and 10.0.20.0/24 networks.
1. Log into the Barracuda Firewall at Location 1.
2. Go to the FIREWALL > Firewall Rules page.
3. Add a firewall rule with the following settings:
   Action: Allow
   Connection: No SNAT
   Bi-directional: Select the Bi-directional check box.
   Service: Any
   Source: 10.0.10.0/24
   Destination: 10.0.20.0/24
   With the Any service object, all types of network traffic are allowed between the remote and local network. For VPN tunnels, you must select the No SNAT connection object.
4. At the top of the Add Access Rule window, click Add.
5. Log into the Barracuda Firewall at Location 2 and repeat steps 2 to 4.
Step 4. Verify the Order of the Firewall Rules
New rules are created at the bottom of the firewall rule set. Because rules are processed from top to bottom in the rule set, ensure that you
arrange your rules in the correct order. You must especially ensure that your rules are placed above the BLOCKALL rule; otherwise, the rules are
blocked. Check the order of the firewall rules in the rule sets for both Barracuda Firewalls.
After adjusting the order of rules in the rule set, click Save Changes.
Step 5. Verify Successful VPN Tunnel Initiation and Traffic Flow
To verify that the VPN tunnel was initiated successfully and traffic is flowing, go to the VPN > Site-to-Site Tunnels page. Verify that green check
marks are displayed in the Status column of the VPN tunnel.
Use ping to verify that network traffic is passing the VPN tunnel. Open the console of your operating system and ping a host within the remote
network. If no host is available, you can ping the management IP address of the remote Barracuda Firewall. Go to the NETWORK > IP Configuration
page and ensure that Services to Allow: Ping is enabled for the management IP address of the remote firewall.
If network traffic is not passing the VPN tunnel, go to the BASIC > Recent Connections page and ensure that network traffic is not blocked by
any other firewall rule.
Troubleshooting Site-to-Site VPNs
If your site-to-site VPN is not working correctly, try the solutions that are listed in this
article.
Ensure that the Internet connection for both systems is active.
To verify that the VPN tunnel was initiated successfully and traffic is flowing, go to the VPN > Site-to-Site Tunnels page. Verify that
green check marks are displayed in the Status column of the VPN tunnel.
Double-check the VPN configuration for both systems (Lifetime, Encryption, Hash-Method, DH-Group, Local and Remote Networks,
Local and Remote Address, and Passphrase). Go to the VPN > Site-to-Site Tunnels page and verify the tunnel settings. The
configurations of the peers must match or the tunnel cannot be established.
Go to the LOGS > VPN Log page. Search the log for any failures and errors. Often, the problem is caused by
Phase 1 and Phase 2 issues.
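The peer-setting check from the troubleshooting list above, as an added example (not Barracuda's code): it compares two tunnel definitions, treating the local/remote networks and addresses as mirrored pairs and never echoing the passphrase. The dictionary layout and all sample values are assumptions constructed for illustration.

```python
import hmac
import ipaddress

# Setting names follow the article's checklist; the dict layout is hypothetical,
# not a Barracuda export format.
IDENTICAL = ("lifetime", "encryption", "hash_method", "dh_group")
MIRRORED = (("local_networks", "remote_networks"), ("local_address", "remote_address"))

def _norm(field, value):
    """Normalize a value so equivalent spellings (e.g. /24 vs 255.255.255.0) compare equal."""
    if field.endswith("_networks"):
        return {ipaddress.ip_network(v) for v in value}
    if field.endswith("_address"):
        return ipaddress.ip_address(value)
    return str(value).strip()

def tunnel_mismatches(site1, site2):
    """Return the settings on which the two peers disagree (empty list = consistent)."""
    bad = [f for f in IDENTICAL if _norm(f, site1[f]) != _norm(f, site2[f])]
    for local, remote in MIRRORED:
        # One peer's local value must be the other peer's remote value.
        if _norm(local, site1[local]) != _norm(remote, site2[remote]):
            bad.append(f"site1.{local} != site2.{remote}")
        if _norm(remote, site1[remote]) != _norm(local, site2[local]):
            bad.append(f"site1.{remote} != site2.{local}")
    # Compare the shared secret in constant time; report only that it differs.
    if not hmac.compare_digest(site1["passphrase"].encode(), site2["passphrase"].encode()):
        bad.append("passphrase")
    return bad

# Constructed sample data: documentation address ranges, illustrative values.
LOCATION_1 = {
    "lifetime": 3600, "encryption": "AES256", "hash_method": "SHA256", "dh_group": "Group 2",
    "local_networks": ["10.0.10.0/24"], "remote_networks": ["10.0.20.0/24"],
    "local_address": "192.0.2.10", "remote_address": "198.51.100.20",
    "passphrase": "example-only-secret",
}
LOCATION_2 = {
    "lifetime": 3600, "encryption": "AES256", "hash_method": "SHA256", "dh_group": "Group 5",
    "local_networks": ["10.0.20.0/255.255.255.0"], "remote_networks": ["10.0.10.0/25"],
    "local_address": "198.51.100.20", "remote_address": "192.0.2.10",
    "passphrase": "example-only-secret ",  # trailing space: a common copy/paste error
}

if __name__ == "__main__":
    for problem in tunnel_mismatches(LOCATION_1, LOCATION_2):
        print("MISMATCH:", problem)
```
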