BOVPN to Mikrotik Router - CREATE_CHILD_SA request error
Hey Guys,
We are planning to give out some IP phones to our colleagues for their home office setup. The IP phones don't support a direct VPN connection. Because of that, we are planning to use MikroTik routers (cheap and reliable) as VPN routers. Our WatchGuard cluster in our office is a cluster of two M390s, which are connected through a 1GBit fibre connection from Versatel (Germany). I set up the BOVPN tunnel on both sites with these instructions:
but I get the following error message on the WatchGuard firewall:
<155>May 20 11:00:57 iked[22882]: msg_id="021A-0011" (watchguard<->mikrotik)IKEv2 CREATE_CHILD_SA exchange from mikrotik:44066 to watchguard:4500 failed. Gateway-Endpoint='gateway.1'. Reason=Received unacceptable traffic selector in CREATE_CHILD_SA request.
The remote setup with the MikroTik is the following:
[watchguard]--[versatel]--[internet]--[vodafone]--[FritzBox]--[mikrotik vpn gateway]--[Switch]--...
Vodafone Germany is currently not giving out private dynamic IPv4 addresses to their customers. Vodafone Germany is using a DS-Lite tunnel, so it's like CGNAT. Could that be a problem? Is anyone using the same setup with a MikroTik router, or has anyone had the same issue?
Thanks in advance.
Many greetings from the country
yzimmer
Answers
Hi @yzimmer
If the VPN is set up to use a dynamic IP address, this shouldn't keep the VPN from standing up.
This type of issue might be best for a support case -- If you haven't done so already, I'd suggest opening a support case using the support center link at the top right of this page.
If you do so, please include:
-The config of the VPN on the WatchGuard side (or enable support access.)
-A screenshot or description of the VPN settings on the remote client routers.
-James Carson
WatchGuard Customer Support