Mobile IKEv2 client cannot connect to the remote mobile BOVPN gateway via the local BOVPN gateway wh
Hi!
We have switched our customers from IPsec Mobile VPN to IKEv2 (Windows 10/11) and it works quite well so far!
But we encountered a serious problem at several sites which are already connected via a BOVPN tunnel.
Example: Office A and Office B are connected via a BOVPN tunnel. Both sites have static IP and the tunnel is only used for server connectivity.
Now users from Office A shall dial in via IKEv2 mobile VPN to Office B. But the Firebox from Office B does not accept the tunnel because it "thinks" the connection comes from the BOVPN tunnel.
According to WatchGuard support this bug is already known as
"FBX-9455 Mobile IKEv2 client cannot connect to the remote mobile BOVPN gateway via the local BOVPN gateway when the remote BOVPN gateway is configured as static IP."
What are solutions/workarounds in the real world? Switching to SSL VPN is not an option for security reasons.
Thanks
Axel
Comments
Hi @kraeg
Add the VPN subnets to your site to site (BOVPN) - it'll allow the Mobile users to access resources from either site.
-James Carson
WatchGuard Customer Support