Configuring site-to-site VPN for remote location. Site has Verizon installed with 5 IP block. WG is a T80. Configured External on WG to DHCP and connectivity is fine, but would like to assign one of the static IP's from the block to the WG External, but cannot get connectivity. Is there something I need to configure on the Verizon router (G3100) or the WG to make this work? Not sure what I am missing. Fairly new to WG


  • Options

    Why not contact Verizon to find out how to use one of the public IP addrs on your firewall?

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @wg_rookie
    If the verizon device is also acting as a router, you'll need to configure that device to forward inbound traffic from an IP to the firewall. The situation this is causing is often called "double NAT." It's usually much easier to have one router.

    I would suggest contacting Verizon and finding out how to put their device in a mode that will pass those public IPs to the firebox. This is often referred to as "bridge mode" or "transparent bridge mode" by the ISPs.

    -James Carson
    WatchGuard Customer Support

  • Options

    @Bruce_Biggs - Thank you for the response. I call them and was on hold for awhile and had to attend to something else. I have a call with our ISP rep hoping to get some clarity from them. Thanks again

  • Options

    @James_Carson - Thanks for the info. I am currently awaiting callback from our rep to put me in touch with support tech as I was on hold forever. Thanks again for your input.

  • Options

    Have you tried logging into the Verizon router using the default gateway IP of your Firebox and setting the router to Bridge Mode yourself?
    The router should have a sticker with the default username/password and IP on it somewhere.

    It's usually something simple.

  • Options
    edited April 2021

    I would expect the need for an admin user ID & password to do this.

    From a Google search:
    "To login to your Wi-Fi router, open up a browser and go to 192.168. 1.1 and then login with the password located on the sticker on the router itself. (The username is always admin)"

Sign In to comment.