BOVPN Connection Issue

I am trying to get the BOVPN connection up between two of my offices. I keep receiving the following in the diagnostic log:
Error Messages for Gateway Endpoint #1(name "gateway.1")
Apr 22 18:09:26 2021 WARN 0x02030024 Tunnels were deleted due to keep-alive negotiation failure. Check the connection between local and remote gateway endpoints.

Apr 23 09:48:14 2021 ERROR 0x021a001b No response for IKE_SA_INIT request message. Check the connection between the local and remote gateway endpoints.

From this message, it appears to be some kind of connection issue between the gateways. I'm able to ping both endpoints, so I know they're reachable. I've looked over my settings many times on both ends and cannot find a reason why this would be happening. The only thing I can think of is the external IP address I'm using for the gateway may not be correct. Any advice would be greatly appreciated. Thank you!



    Does each firewall have a static public IP addr on external or a dynamic public IP addr on external ?
    If dynamic, it is best to use a DNS name for the connection instead of an IP addr.

    Do you have access to the logs or Traffic Monitor at the other end?


    They're both static IPs assigned by the ISP. Unfortunately, I don't have access to the logs at this moment because the other office is over an hour away. This may sound trivial, but the IP that I need to assign to the BOVPN gateway should be the IP of the external interface (x.x.x.x/29) and not the gateway, correct?


    I should probably also mention that the tunnel will go up for a couple of minutes, then go down with the warning about the keep-alive negotiation failure. It never stays up for very long.


    Remove the Phase 1 keep-alive setting and use Dead peer detection instead, and see if that helps.


    If you manage both firewalls, you can set the remote firewall for access from your firewall external interface IP addr for the Web UI and/or for WG-Firebox-Mgmt (the WatchGuard policy)


    So it turns out that the passphrase on each end of the tunnel didn't match. Once I corrected that, it started working. Thank you for the response!
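Added illustration (not from the thread, and not WatchGuard code) of why a mismatched pre-shared key behaves the way the poster eventually found: in IKEv2 (RFC 7296 section 2.15) the shared secret is not used at all in IKE_SA_INIT, so an IKE_SA_INIT timeout like 0x021a001b is a transport problem, while a passphrase mismatch only surfaces when the responder checks the AUTH payload in IKE_AUTH. The script below reduces that check to its PRF arithmetic; the message bytes, nonces, SK_pi value and identity are constructed sample data, and the gateways, PSKs and the function names `prf`, `signed_octets`, `psk_auth` and `ike_auth_succeeds` are this example's own.

```python
import hashlib
import hmac

# Fixed pad string from RFC 7296 section 2.15.
KEY_PAD_FOR_IKEV2 = b"Key Pad for IKEv2"


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256, one of the IKEv2 pseudo-random functions."""
    return hmac.new(key, data, hashlib.sha256).digest()


def signed_octets(real_message: bytes, peer_nonce: bytes, sk_p: bytes, id_payload: bytes) -> bytes:
    """Octets a side authenticates: its own IKE_SA_INIT message, the peer's
    nonce, and a MAC over its ID payload under its SK_p (RFC 7296 2.15)."""
    return real_message + peer_nonce + prf(sk_p, id_payload)


def psk_auth(shared_secret: bytes, octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)."""
    return prf(prf(shared_secret, KEY_PAD_FOR_IKEV2), octets)


def ike_auth_succeeds(initiator_psk: bytes, responder_psk: bytes) -> bool:
    """Run a reduced IKE_SA_INIT / IKE_AUTH exchange between two gateways
    configured with the given pre-shared keys and report whether the
    responder accepts the initiator's AUTH payload.

    Everything other than the PSKs is constructed sample data; real
    gateways derive SK_pi/SK_pr from the Diffie-Hellman exchange.
    """
    # --- IKE_SA_INIT: no pre-shared-key material is involved at all ---
    msg1 = b"\x00" * 8 + b"HDR,SAi1,KEi,Ni"   # constructed initiator message bytes
    nonce_i = b"Ni-" + b"\x11" * 16           # constructed nonces
    nonce_r = b"Nr-" + b"\x22" * 16
    # Both sides reach the same SK_pi from the DH result regardless of PSK
    # (constructed here; stands in for the SKEYSEED-derived key).
    sk_pi = hashlib.sha256(b"constructed-DH-shared-secret" + nonce_i + nonce_r).digest()
    id_i = b"203.0.113.10"                     # constructed initiator ID payload

    # --- IKE_AUTH: initiator signs with ITS configured secret ---
    octets_i = signed_octets(msg1, nonce_r, sk_pi, id_i)
    auth_i = psk_auth(initiator_psk, octets_i)

    # The responder rebuilds the same octets (it saw msg1, sent Nr, derived
    # SK_pi and received IDi) but computes AUTH under ITS configured secret.
    expected = psk_auth(responder_psk, octets_i)
    return hmac.compare_digest(expected, auth_i)


if __name__ == "__main__":
    print("matching PSK:", ike_auth_succeeds(b"correct horse", b"correct horse"))
    print("trailing space on one side:", ike_auth_succeeds(b"correct horse", b"correct horse "))
```

Because the secret only enters through the outer `prf`, even a one-character difference (a trailing space, a case change) yields an unrelated AUTH value and the responder rejects IKE_AUTH; the earlier IKE_SA_INIT round trip, and any ping test, will look perfectly healthy.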
