IKEV2 with ISP NAT problems
Hello,
Recently our ISP changed our private and public IP and now we have a private ISP IP with a public IP in 1:1 NAT. Before we had the same private/public
Private IP: 10.xx.xx.xx
Public IP: 189.xx.xx.xx
I already configured IKEV2 vpn with both IPs. I can connect via the same ISP to the private IP. I cannot connect via the public IP from within the same ISP or any other ISP.
SSL VPN works correctly with the public IP from any ISP, just the IKEv2 is having problems.
Is there an aditional configuration that I am missing? The ISP modem is in bridge mode. The interface IP is the private IP. I dont know if that is the problem.
Can someone help me figure this out?
Thanks
0
Sign In to comment.
Comments
Perhaps turning on diagnostic logging for IKE will show something to help.
In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> IKE
Set the slider to Information or higher
In the Web UI: System -> Diagnostic Log -> VPN -> IKE
Click the down arrow and select Information
I'm not exactly sure what you mean when you say the ISP changed your private IP. If your ISP is now NATing your connection, they're likely doing something like carrier-grade NAT (CG-NAT)
If nothing was done on the ISP's equipment to forward the ports for IKEv2 to your firewall via that scheme, it won't make it to your firebox. You'll need to contact your ISP to see if this can be set up.
-James Carson
WatchGuard Customer Support