User guide

Configuring Virtual Private Networks
WatchGuard Firebox X Edge
Sample VPN Address Information Table
Item: External IP Address
Description: The IP address that identifies the IPSec-compatible device on the Internet.
Assigned by: ISP
Site A: 207.168.55.2
Site B: 68.130.44.15

Item: Local Network Address
Description: An address used to identify a local network. These are the IP addresses of the machines on each side that are allowed to send traffic through the VPN tunnel. We recommend that you use an address from one of the reserved ranges:
  10.0.0.0/8 (subnet mask 255.0.0.0)
  172.16.0.0/12 (subnet mask 255.240.0.0)
  192.168.0.0/16 (subnet mask 255.255.0.0)
The numbers after the slashes indicate the subnet masks. /24 means that the subnet mask for the trusted network is 255.255.255.0. For more information on entering IP addresses in slash notation, see this FAQ:
https://www.watchguard.com/support/advancedfaqs/general_slash.asp
Assigned by: You
Site A: 192.168.111.0/24
Site B: 192.168.222.0/24

Item: Shared Key
Description: The shared key is a passphrase used by two IPSec-compatible devices to encrypt and decrypt the data that goes through the VPN tunnel. The two devices use the same passphrase. If the devices do not have the same passphrase, they cannot encrypt and decrypt the data correctly. Use a passphrase that contains numbers, symbols, lowercase letters, and uppercase letters for better security. For example, “Gu4c4mo!3” is better than “guacamole”.
Assigned by: You
Site A: OurSharedSecret
Site B: OurSharedSecret

Item: Encryption Method
Description: DES uses 56-bit encryption. 3DES uses 168-bit encryption. The 3DES encryption method is more secure, but slower. The two devices must use the same encryption method.
Assigned by: You
Site A: 3DES
Site B: 3DES

Item: Authentication
Description: The two devices must use the same authentication method.
Assigned by: You
Site A: MD5 (or SHA1)
Site B: MD5 (or SHA1)
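
The following is an added example, not part of the WatchGuard guide: a Python check that runs the table's rules over both sites' worksheets before the values are entered on the devices. The function name and dictionary keys are assumptions made for illustration, IPv4 is assumed, and the overlap check between the two local networks goes beyond what the table states.

```python
import ipaddress
import string

# The three reserved ranges listed in the Local Network Address row.
RESERVED = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Sample worksheet values copied from the table (dictionary keys are hypothetical).
SITE_A = {"external_ip": "207.168.55.2", "local_network": "192.168.111.0/24",
          "shared_key": "OurSharedSecret", "encryption": "3DES",
          "authentication": "MD5"}
SITE_B = {"external_ip": "68.130.44.15", "local_network": "192.168.222.0/24",
          "shared_key": "OurSharedSecret", "encryption": "3DES",
          "authentication": "MD5"}

def check_worksheet(site_a, site_b):
    """Return a list of problems found in the two sites' worksheet values."""
    problems, nets = [], {}
    for name, site in (("Site A", site_a), ("Site B", site_b)):
        try:
            # strict=True rejects entries with host bits set, e.g. 192.168.111.5/24
            net = ipaddress.ip_network(site["local_network"], strict=True)
        except ValueError as exc:
            problems.append(f"{name}: bad local network ({exc})")
            continue
        nets[name] = net
        if not any(net.subnet_of(r) for r in RESERVED):
            problems.append(f"{name}: {net} is outside the reserved ranges")
    # Added check, not stated in the table: the two local networks must be distinct.
    if len(nets) == 2 and nets["Site A"].overlaps(nets["Site B"]):
        problems.append("local networks overlap")
    # Both devices must use the same key, encryption and authentication method.
    for field in ("shared_key", "encryption", "authentication"):
        if site_a[field] != site_b[field]:
            problems.append(f"{field} differs between the sites")
    # The table recommends numbers, symbols, lowercase and uppercase letters.
    key = site_a["shared_key"]
    classes = (string.digits, string.punctuation,
               string.ascii_lowercase, string.ascii_uppercase)
    if not all(any(c in cls for c in key) for cls in classes):
        problems.append("shared key lacks one of: numbers, symbols, lowercase, uppercase")
    return problems

if __name__ == "__main__":
    for problem in check_worksheet(SITE_A, SITE_B):
        print(problem)
```

Run against the table's own sample values, the only finding is the shared key: "OurSharedSecret" has no numbers or symbols, so it does not meet the recommendation given in the same row.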