How do I allow Mobile VPN through our AT&T fiber gateway?
Hey all!
I am setting up Mobile VPN for our office, and I've hit a roadblock.
I entered our external, public IP address into the Firebox even though that is the IP for our fiber gateway. Obviously, I need to be able to allow the SSL connection in through our fiber gateway to our Firebox M200, but I'm not sure how to do that.
I know our fiber gateway isn't a WatchGuard device, but I'm hoping there's someone here who might be able to tell me generally, in a networking kind of way, e.g. creating a rule to allow connections on port 443 to allow the connection.
Do I need to define the VPN interface in a particular way?
Sorry for the noobish question. I've mostly done Office 365 administration and I've inherited Network Admin jobs that don't have a lot of supporting documentation.
Please let me know if there's any other info I can provide.
Thanks!
JH
Answers
What brand & model is the AT&T fiber gateway?
Once we know that, then we can help more.
@Bruce_Briggs it is an AT&T BGW320 fiber gateway.
Biggest question - your ATT gateway is fully bridged and/or is simply a connection to the internet, not a NAT device, right?
And, you can connect (a) or more VPNs to any external interface and external interfaces can have more than a single IP assigned to them...and, you can have as many external interfaces as the WatchGuard has (minus 1).
@TestingTester you are correct, it is not a NAT device not bridged.
Found online -
https://forums.att.com/conversations/att-fiber-equipment/bgw320500-bridge-mode-andor-ip-passthrough-question/6026fd40eda6ec07a853e0da
You are going to need to bridge it - however, just yesterday I connected a T40 via BOVPN to an M390 -through- a NAT device...I know, this is supposed to be impossible.
I do have the T40 in Dynamic IP Address mode and with a key for Domain - gave me a bit more time to get in touch with Cox communications to get their device bridged. I am certain that an SSL VPN and any other flavor of VPN would not work until you get your device bridged.
I don't see a reason that port forwarding TCP port 443 (or the port set up for SSLVPN) from the AT&T device to the firewall external interface IP addr would prevent SSLVPN from working.
I'm using a BGW320 device with AT&T fiber broadband and an M270 device. I have 5 static/public IP addresses; one of the 5 public IPs is the M270 external interface. All my IKEv2 users have no problem connecting.
Do you have static/public IPs? AT&T charges extra every month for a block of 5 IPs.
I participated in that thread sometime in 2021.