BOVPN to a customer - Route our own remote IPSEC VPN Users

We've tried looking but haven't found an exact answer. We have a BOVPN between us and a customer. The tunnel is up and works fine on our internal network; we can connect to hosts at their site.

We have also created a tunnel between us and them for our remote VPN user range, just for example IPSEC users are on, our internal network is

We want the remote IPSEC VPN users to be able to reach the customer network on say

Do we need to add a route or something so the IPSEC users know about the network? If so, where?

Currently they have to connect to a local jump box and then connect out to the network



  •

    Do you have "Force All Traffic Through Tunnel" selected in your MUVPN setup?
    If not, you can add to the Allowed Resources list.

  •

    If you change the MUVPN setup, you need to Generate new MUVPN profiles and send the new profile to your MUVPN users to import into their MUVPN app.

  •

    Thanks Bruce, easy once you know where to look. It did not do the trick though. I can see the network range as an allowed resource on the MUVPN client now, but can't reach the network still.

    I'll also check to see if the customer can see us trying to connect to hosts. Anything else we could be missing?

  •
    edited March 2022

    What is an example IP addr at the remote site that a MUVPN user is trying to access?
    What is a sample native IP addr of a MUVPN client PC? MUVPN user's PC on such as user - & dest = 10.1.1.xxx ??

    For debugging, you can turn on Logging on the MUVPN policy to see packets allowed by it in Traffic Monitor.
    Do so, and have MUVPN user try to access the remote site.
    If you see this access in Traffic Monitor, then the issue is that the reply packets at the other end are not making it back. Most likely a routing issue.

    Have you added to the BOVPN setup at each end?
    If not you must for packets from 192.1.2.x to get routed to the remote site.

    Also & are not private subnets. Are these the real internal subnets in use?

  •

    Native MUVPN client is and trying to contact remotely at a customer

    We have added a tunnel for at each end user and can see the tunnel come up occasionally.

    We'll try debugging.

    No, they were just random examples. Actual ranges now as above and our internal is

  •

    I would recommend you to build the setup differently.
    Put the virtual mobile vpn pool in your customer's site-to-site ipsec tunnel. --> Just one site-to-site tunnel and all necessary routes included on your and customer site (mobile vpn pool)

    Is the site-to-site tunnel policy based or route based?

    Is the IPsec Mobile VPN configured for full or split tunnel?
  •

    Hi, been a crazy few days and just seen this. We have actually put the mobile VPN pool in the tunnel between us and the customer and the tunnel looks to come up occasionally but they see no traffic.

    So I think it is a routing issue as the tunnel is route based. So maybe we are missing a route...

    We have configured split tunnel on the MVPN.


  •

    OK. Is the route to the VPN pool on the customer site configured for the site-to-site tunnel?
    Is the remote subnet included in the mobile VPN configuration?
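
The checks raised across this thread (split-tunnel allowed resources, a pool-to-remote pair on the local BOVPN, and a return pair for the pool on the customer side) can be walked through in one pass. The following is an added example, not from any poster or from WatchGuard: it is a simplified model rather than Firebox configuration syntax, and every subnet and name in it is constructed for illustration.

```python
import ipaddress as ip

# Constructed sample addressing (assumption; not the thread's real ranges).
CONFIG = {
    "mvpn_pool": "10.50.0.0/24",  # virtual pool handed to mobile VPN clients
    # Split-tunnel "Allowed Resources" list shipped in the client profile.
    "allowed_resources": ["10.10.0.0/24", "172.16.20.0/24"],
    # (local, remote) pairs on our end of the BOVPN.
    "local_tunnel_routes": [("10.10.0.0/24", "172.16.20.0/24"),
                            ("10.50.0.0/24", "172.16.20.0/24")],
    # (local, remote) pairs on the customer end: the pool is missing here.
    "remote_tunnel_routes": [("172.16.20.0/24", "10.10.0.0/24")],
}

def _covers(net, addr):
    """True when addr falls inside the CIDR block net."""
    return ip.ip_address(addr) in ip.ip_network(net)

def check_path(cfg, client_ip, dest_ip):
    """List what blocks mobile client -> customer host -> client, in path order."""
    problems = []
    if not _covers(cfg["mvpn_pool"], client_ip):
        problems.append("client address is not in the mobile VPN pool")
    # Split tunnel: the client only sends listed networks into the VPN.
    if not any(_covers(n, dest_ip) for n in cfg["allowed_resources"]):
        problems.append("destination missing from split-tunnel allowed resources")
    # Outbound: our firewall needs a pair matching pool -> customer subnet.
    if not any(_covers(l, client_ip) and _covers(r, dest_ip)
               for l, r in cfg["local_tunnel_routes"]):
        problems.append("local BOVPN has no pool -> remote subnet pair")
    # Return: the customer firewall needs the mirror pair, or replies never
    # enter the tunnel even though our side logs the packet as allowed.
    if not any(_covers(l, dest_ip) and _covers(r, client_ip)
               for l, r in cfg["remote_tunnel_routes"]):
        problems.append("remote BOVPN has no return pair for the pool")
    return problems

if __name__ == "__main__":
    for line in check_path(CONFIG, "10.50.0.7", "172.16.20.5") or ["path OK"]:
        print(line)
```

With the sample data the only finding is the missing return pair on the customer side, which matches the symptom of traffic being allowed locally while replies never come back.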