VPN Branch Office not passing data.

Having a problem passing data through a tunnel and the tunnel itself is up, any ideas?

Answers

  • I have many ideas.
    How about some details?
    What is at each end?
    What XTM version are you running?
    Anything in Traffic Monitor to help?
    What are the source & dest subnets involved?
    What do you see from a tracert to an IP addr at the other end?
    Does the other end have any logs to help?

  • The firewall is XTM26 12.0 version on the source side and a XTM330 on the dest. side. Traffic monitor shows no traffic. source is 10.7.0.0 and dest. is 10.1.0.0 I did not run a trace route, but when I ping the other side I get a timeout failure.

  • What are the subnet masks used for the source & dest subnets? /24 ?

    A tracert shows the path that packets take and can help resolve routing issues.

    "Traffic monitor shows no traffic" - have you turned on Logging on the policies which allow traffic over the BOVPN? If not, do so, at least for problem resolution.

  • edited September 2020

    This is the VPN Diags with the logging turned on.

    ---Redacted by moderators due to IP address and Phase1/2 proposals in text -- -- JC

  • Are there packets attempting to go across the BOVPN other than a test ping or tracert?

    You need logging enabled on each end to see where the issue lies.

    My best guess is that the issue is at the XTM330 end given the diagnostic info provided.

  • Thanks for your help, I put in the helper IP's and everything worked fine.

  • It seems to vary between the versions of firmware on the devices, 12.5 and above make you put in the helper ip's on the tunnel, but older version do not make you install helper addresses.

  • Is this related to broadcast packet routing over a BOVPN?

  • yes, everything is fixed now. Thanks!

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @jshores
    I redacted the log portion of your post due to the IP addresses and Phase1/2 proposals being in the post.

    In the future, for your protection, please ensure that you're obfuscating any personal information in your posted logs.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.