Hardware cryptography errors
Hi Everyone.
We are facing an issue with one of our WatchGuards. Trying to establish a BOVPN, we are getting a connection but are unable to route traffic down it successfully. When diagnosing, we are getting the following: "Some hardware cryptography errors were found for the tunnel route(IP > IP). An attempt was made to rekey this VPN tunnel." Has anyone come across this before, and how do we fix it? Any help appreciated.
Comments
I have never seen anyone post on this issue.
For the record, what firewall models and software versions are involved?
Consider opening a support incident on this.
You can turn on diagnostic logging for IKE which may show something to help:
In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> IKE
In the Web UI: System -> Diagnostic Log
Set the slider to Information or higher
Besides Diagnostic Logging, you have 2 other options when the session is trying to connect, and you should see something to help understand this.
1) Web UI -> System Status -> VPN Statistics, click the Debug button
2) In FSM -> Traffic Monitor -> right click -> Diagnostic Tasks -> VPN tab
Hi @CornishPaul
This is likely a hardware failure on the firewall (they're rare, but do happen from time to time.)
Support can help verify that this is the issue, and help disable the hardware cryptographic accelerator on the firewall to get the tunnel running for now.
Please consider contacting support using one of the options here:
https://www.watchguard.com/wgrd-support/contact-support
If you have a case open, please reply with the case number and I'd be happy to check and ensure it's with the right team.
-James Carson
WatchGuard Customer Support