I have a branch office behind a Watchguard XTM that needs VPN into an EC2 VPC. I am unfamiliar with Watchguard and am unable to find all of the knobs and dials in the flash admin interface to bring it in line with Amazon's expectations.
After much ui frustration, I managed to create configurations for both expected tunnels that meet most of the specified criteria - as I was unable to locate some settings like MTU and ESP options but I have the correct PSK, PFS settings, and am telling it to use SHA1 and AES128 as requested. Attempts to access EC2 private addresses from the office generate a bunch of debug spam as is expected. However, IKE fails with:
Debug 2011-05-31T23:40:45 Process=iked msg=Process 5/6 Msg : failed to process ID payload
For obvious reasons, I haven't even started trying to configure BGP throught the tunnel.
At this point, I am wondering if it is even proven possible to configure l2l into VPC with a Watchguard firewall? If so, where might I be going wrong?
Wondering if you had any luck? I found an Amazon support thread that basically says Watchguard can't support BGP over the VPN tunnels, but they are looking at adding the support in a future release of their firewall software (Watchguard feature #RFE41534). See https://forums.aws.amazon.com/message.jspa?messageID=198172
Hope this helps... if you get it working, please post back here. I am in the same situation.