BOVPN + Virtual Interface

Hey all,

Looking at the documentation, it says that you can't use the same local/remote gateway pair for both a regular BOVPN tunnel and a BOVPN virtual interface.

However, would it be possible to have the two co-exist (between the same two fireboxes) by setting up the gateways to use secondary IPs on the same external interfaces?



    james.carson Moderator, WatchGuard Representative

    Hi @Chris_Kelly, if it's a different IP, it'll pass the checks and should be allowed. Generally I'd just suggest making additional routes in the tunnel you already have, but it would be possible.

    -James Carson
    WatchGuard Customer Support

    Excellent, thanks @james.carson!

    Just for a bit of background since I imagine it sounds a little strange - I like the idea on paper of how BOVPN virtual interfaces work vs manual BOVPN setups, and my current project is to re-subnet our existing setup into new VLANs with different IP schemes than are currently being used, so I figured it would be nice to set up the new networks with the BOVPN VI and have it run in parallel with the existing manual one while I move all the hosts over.

    Thanks again!

