This article describes how you can create a site-site VPN tunnel from a Watchguard
You need to have an active Copaco Hyper-V subscription
you must have completed How to create a site-to-site VPN
The Watchguard supports IKEv2 in version 11.11.2 and later, make sure the Watchguard is at least at version 11.11.2.
Go to Policy Manager and click on VPN=> Branch Office Gateways
Click on Add to add a gateway.
Enter a name for the gateway (1) and fill-in the Pre-Shared Key which you entered before in the Copaco Hyper-v portal (2) and click on Add (3)
Enter the local primary ip-address under Local Gateway. Under Remote Gateway enter the ip-address of the 2tCLoud Gateway, this can be found in the WAP Portal under the Site-2-Site VNET settings.
The 2tCLoud gateways can be 22.214.171.124 or 126.96.36.199.
Click on OK
select Phase1 Settings, Make sure IKEv2 is selected
The default Transform Settings are incorrect, select SHA1-3DES and click on Edit.
Change the settings to SHA1, AES 256-bit and Diffie-Helman Group2
Branch Office Tunnels
After creating the Branch Office Gateway (Phase 1), we need to create a Branch Office Tunnel.
Go to Policy Manager and select VPN => Branch Office Tunnel.
Click on Add
Enter a name for the Tunnel and select the Gateway which we created before
Click on Add to select the local subnet for the VPN-tunnel
In this case the local subnet is 192.168.1.0/24 and the Remote 2tCloud subnet is 172.16.20.0/24
The Phase 2 settings need to be changed to the following:
Select PFS and choose Diffie-Hellman Group14
Remove the default proposal.
Add a new proposal with options; ESP-SHA1-AES & Lifetime 1 hour.
The configuration is now completed, click on OK and Close.
Check if the vpn-tunnel is built under Firebox System Manager (Front Panel =>Branch Office VPN Tunnels)