VPN tunnel with remote route to public IP

We've configured a VPN tunnel using bovpn.vif to our software provider hosted in AWS.
The tunnel is up, but ping from the Firebox M300 to their internal address failed.
One unusual thing is that the remote internal route given by the software provider is a public IP, 159.172.x.x/24. So my VPN route in the bovpn.vif is:
Local IP
Remote IP 159.172.x.x/24.
I wonder if this is at all possible?


  • james.carson (Moderator, WatchGuard Representative)

    Hi @ahmad_taufik

    Having public IPs on the VPN VIF route is possible; you just define it in the routes tab of the VIF.

    If you enable logging for your BOVPN-VIF.in / out policies, you should be able to see what traffic is leaving/arriving at your firewall, and how it's being NATed (if NATing for VPNs is on.) If the tunnel itself is actually building, chances are that the firewall is sending the traffic and it's being dropped on the distant end for some reason. If you need assistance determining that, I'd suggest opening a support case so that one of our support reps can assist.

    -James Carson
    WatchGuard Customer Support

  • Options

    Hi @James_Carson
    Thanks for the feedback.
    Yes, I can see from the log that traffic is allowed, but I can only see up to our local virtual IP interfaces (we are using dynamic routing with BGP).
    Anyway, we will open a support case.
