Can't access a subnet through BOVPN, gateway throws user error?

edited July 29 in Firebox - Other

Greetings,

I have a bit of an odd one.

Recently I got a facility up and running on a new configuration with their Firebox. Everything over on their end works fine, even our sister facility can ping and poke all devices on that facility.

The HQ, however, cannot, and there are some strange symptoms:

If I try to access the Firebox M370 from any gateway, it works just fine except the old one!

If I try to log into the admin account on that gateway it spits back: invalid credentials or user doesn't exist.

If I do it on any other subnet's gateway it works just fine. Firewall rules are doing blanket allow subnet to subnet traffic.

I can't ping anything but the gateway itself from HQ, but the sister facility can ping everything just fine. This feels like I have a bad configuration somewhere and I can't think of where!

Anyone have some insight or thoughts where to look?

Edit:

Some additional Diagnostic details:

Gateway HQ (M390): Can ping all new networks, can ping old gateway, can't ping old subnet.

Gateway Sister (M370): Can ping all new and old networks; I can even RDP into the old network just fine from here.

Gateway Problem Site (M370): Can ping all HQ networks just fine. Can ping all sister networks just fine.

The only network that can't ping another network is HQ: all of HQ can't ping the Problem Site's old network. I'm so confused; traffic monitor provides me no info on the firewall rejecting anything on either side. I'm bewildered here. Do I just need to restart the HQ Firebox or something?

Just a random tank doing networking, don't mind me

Comments

  • What does a tracert to the old subnet from HQ show?
    Tracert shows the path that packets take.

    How is the old subnet connected at the remote site? To what...

  • @Bruce_Briggs said:
    What does a tracert to the old subnet from HQ show?
    Tracert shows the path that packets take.

    How is the old subnet connected at the remote site? To what...

    Tracert dies at the HQ Gateway; it reports it can't reach the destination and acts like there isn't a route to the remote site in question.

    Which, there is in fact a route in the routes table that shows the old subnet. Which is what has me so bewildered.

    Old subnet is connected over a VLAN to the Remote Firebox; site to site was previously an IKEv1 tunnel BOVPN across the WAN interface. This was deleted.

    That has since been replaced with a BOVPN VI on IKEv2 pushed through a dedicated fiber link with a multipoint EVC that has 100 Mbps of throughput.

    The old subnet's IP hasn't changed during this process, but how it was reached has. The sister facility did not have one going there prior (previously it was only back to HQ), which is why I'm partial to assume HQ's Firebox may need to be rebooted. All other routes on the Virtual Interface work just fine.

    Just a random tank doing networking, don't mind me

  • Verify that there are route entries at the remote site for packets from the old subnet to get to the HQ via the new BOVPN setup.
