VPN tunnel with remote route to public IP
We've configured a VPN tunnel using a bovpn.vif to our software provider, who is hosted in AWS.
The tunnel is up, but a ping from the Firebox M300 to their internal address fails.
One unusual thing is that the remote internal route given by the software provider is a public IP range, 159.172.x.x/24. So my VPN route in the bovpn.vif is:
Local IP 192.168.32.0/19
Remote IP 159.172.x.x/24
I wonder if this is at all possible?
Thanks
Ahmad
Comments
Hi @ahmad_taufik
Having public IPs on the VPN VIF route is possible: you just define it in the Routes tab of the VIF.
If you enable logging for your BOVPN-VIF.in / BOVPN-VIF.out policies, you should be able to see what traffic is leaving and arriving at your firewall, and how it is being NATed (if NATing for VPNs is on). If the tunnel itself is actually building, chances are that the firewall is sending the traffic and it is being dropped on the distant end for some reason. If you need assistance determining that, I'd suggest opening a support case so that one of our support reps can assist.
-James Carson
WatchGuard Customer Support
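The point in the reply above, that a public prefix in the VIF route table is nothing special, comes down to longest-prefix-match routing: on a route-based VPN the firewall forwards into the tunnel whichever destinations the most specific matching route points at, and it does not care whether that prefix is RFC 1918 or public. The check a practitioner would add is that the public remote prefix does not collide with an equally or more specific connected or static route (for example the firewall's own external subnet), because that route would win and the traffic would never enter the tunnel. The script below is an added example, not code from the thread or from WatchGuard; 203.0.113.0/24 stands in for the provider's redacted 159.172.x.x/24, and the interface names are assumed.

```python
"""Longest-prefix-match lookup over a route table containing a BOVPN VIF
route, plus a sanity check for prefix collisions. Added example, not from
the thread; all networks except 192.168.32.0/19 are constructed stand-ins."""
import ipaddress
from typing import List, NamedTuple, Optional

Net = ipaddress.IPv4Network


class Route(NamedTuple):
    prefix: Net
    interface: str  # assumed names ("bovpn-vif", "external", "trusted"), not WatchGuard's


# RFC 1918 private address space; anything outside it is treated as public here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LOCAL_NET = ipaddress.ip_network("192.168.32.0/19")      # from the original post
REMOTE_NET = ipaddress.ip_network("203.0.113.0/24")      # stand-in for 159.172.x.x/24 (assumption)

# Constructed route table: default route, directly connected trusted network,
# and the VIF route for the provider's public /24.
ROUTES: List[Route] = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "external"),
    Route(LOCAL_NET, "trusted"),
    Route(REMOTE_NET, "bovpn-vif"),
]


def is_rfc1918(net: Net) -> bool:
    """True if the whole prefix lies inside RFC 1918 space."""
    return any(net.subnet_of(p) for p in RFC1918)


def lookup(dst: str, routes: List[Route] = ROUTES) -> Optional[Route]:
    """Return the most specific route covering dst (longest prefix match)."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def check_vif_route(local: Net, remote: Net, routes: List[Route],
                    vif: str = "bovpn-vif") -> List[str]:
    """Problems that would stop traffic for `remote` from entering the tunnel.

    Returns an empty list when the VIF route is the unique winner for `remote`.
    """
    problems = []
    if local.overlaps(remote):
        problems.append(f"local {local} overlaps remote {remote}")
    for r in routes:
        # A non-VIF route at least as specific as the VIF route steals the traffic.
        if (r.interface != vif and r.prefix.overlaps(remote)
                and r.prefix.prefixlen >= remote.prefixlen):
            problems.append(f"{r.prefix} on {r.interface} is at least as specific as the VIF route")
    return problems


def egress_interface(dst: str, routes: List[Route] = ROUTES) -> str:
    """Interface a packet to dst leaves on, or 'unroutable'."""
    r = lookup(dst, routes)
    return r.interface if r else "unroutable"


if __name__ == "__main__":
    print("remote prefix is RFC 1918:", is_rfc1918(REMOTE_NET))   # False, and that is fine
    for dst in ("203.0.113.25", "8.8.8.8", "192.168.40.1"):
        print(dst, "->", egress_interface(dst))
    print("problems:", check_vif_route(LOCAL_NET, REMOTE_NET, ROUTES))
    # Collision case: the same public /24 appears as a connected route on 'external'.
    clash = ROUTES + [Route(ipaddress.ip_network("203.0.113.0/24"), "external")]
    print("problems with clash:", check_vif_route(LOCAL_NET, REMOTE_NET, clash))
```

Running it shows the provider's public address leaving on the VIF while ordinary Internet destinations still take the default route; the clash case shows the condition to rule out before assuming the drop is on the far end, as the reply suggests.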
Hi @James_Carson
Thanks for the feedback.
Yes, I can see from the log that the traffic is allowed, but I can only see up to our local virtual IP interfaces (we are using dynamic routing with BGP).
Anyway we will open a support case.