Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

L2L between 3005 and WatchGuard Firebox 1000

Has anyone had any luck bringing up a L2L tunnel between these two? I am at a point to were the 3005 accepts the SA from the Firebox 1000, however, the Firebox is failing with the 3005 proposal.

Cisco Employee

Re: L2L between 3005 and WatchGuard Firebox 1000

Hi Mike,

Just to reassure you, we have seen the Firebox to work fine with the CVPN3000, here at the TAC.

Although we donot have specific documentation from CVPN3000 to Watchguard Firebox, but we do have the following which you can relate to compare the configs:

VPN configuration between Watchguard and Pix firewall

Configuring the Cisco VPN 3000 Concentrator to the PIX:

In a couple of instances we have seen the following error message which says "....proposals are unacceptable". In these cases, turns out the Watchguard doesn't support md5 and can't be used. It means that CVPN3000 can be set to work whether with sha or md5 but Wg can use sha only. So you should definately check on that.

Hope this helps,




New Member

Re: L2L between 3005 and WatchGuard Firebox 1000

We have the exact same problem. All IKE/IPSEC is setup correctly. This does not work!! I have yet to see a working response anywhere!