PPoe secondary ip

RobertoCostelli

My ISP connection is on ppoe/DHCP and i have a secondary ip xxx.xxx.xxx.xxx/30.
How can i set this ip as my pubblic ip and use for BOVPN and SSLVPN?
Thanks

Bruce_Briggs

Add an IP from this range as a secondary IP addr, and use it for your SSLVPN & BOVPN

james.carson

You'll need to define the secondary IP on the interface that connects to your ISP device (your external interface.)

See:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/second_net_config_c.html

Once that is configured, you can set the SSLVPN IP in the SSLVPN config to the secondary IP.

RobertoCostelli

Thanks everyone for the replies.
I tried entering the secondary ip address in both the form x.x.x.137/30 and x.x.x.137/32.
It doesn't work and in the traffic log I see many blocks at addresses x.x.x.137, 136, 138,139

Bruce_Briggs

You will see denies for incoming packets which do not match a policy allowing them.

Exactly what doesn’t work?

RobertoCostelli

Hi Bruce, this is an extract of trafic monitor...

Bruce_Briggs

I see some outgoing allowed traffic and a lot of denied packets from the Internet.
Nothing looks wrong to me.

RobertoCostelli

Hi Bruce, i'm unable to connect with SSLVPN and also BOVPN not work.
I can't ping the secondary ip address from internet.
I don't know if i must configure somethings else in NAT or ROUTE...
Thank's

Bruce_Briggs

You need a Ping policy to allow incoming pings - From: Any-external To: Firebox or a specific external IP addr.

If you have a support license on your Firebox you can open a support case and get help from a WG rep with your issues.

Bruce_Briggs

There are client logs on the SSLVPN app and you can turn on Diagnostic Logging for both SSLVPN and IPSec which may show something to help.