VPN with SSL couldn't read configuration
Hi all,
I am trying to connect with the WG SSL mobile client 12.2 to my Firebox XTM 515 with the latest firmware, but every time I get the message "watchguard firebox ssl could not read configuration".
Mobile IPSec is working well in my case.
Please advise.
Thanks.
Latest firmware for an XTM 515 meaning Fireware v12.1.3 Update 3 ?
Could be that the connection is not actually making it to your firewall or that your UserID/password is not correct.
What do you see in Traffic Monitor when this access is tried?
You can turn on diagnostic logging for SSLVPN which may show something to help:
In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> SSL
In the Web UI: System -> Diagnostic Log
Set the slider to Information or higher
Do you have anything running on port 443 (https) other than your SSLVPN, or did you change the port number for the SSLVPN?
If so, you'll need to specify the right port like
vpn.example.com:444
If you're still unable to get this to work, creating a support case is probably your best bet, so that one of our technicians can help.
-James Carson
WatchGuard Customer Support
By latest firmware I mean exactly what you wrote: 12.1.3U3.
The connection was directly to my firewall and I used correct user/pass (the same user works on IPSec with ShrewSoft client).
The problem was with a different SSL port. I changed the default 443 -> 442 because of a collision with HTTPS. Now everything works well.
As I already said to Bruce, the problem was that I didn't fill in the port at the end (:442). Thanks for the valuable advice!!
Hi guys,
I have another question after all: how do I enable more subnets through the SSL tunnel? In the IPSec VPN connection it works (there are Branch Office Tunnels for IPSec defined), but if I try to "Specify allowed resources" in Mobile VPN/SSL, it doesn't work.
Any help will be appreciated.
Thanks.
If your goal is to route SSLVPN traffic over a BOVPN, then you need to add the SSLVPN subnet to your BOVPN Tunnel settings.
BOVPN Tunnel settings identify what packets will be routed through the BOVPN.
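As an added illustration of the point above (this is not code from the thread or from WatchGuard), a small Python model of BOVPN tunnel-route selection shows why the SSLVPN client pool has to appear as a local subnet in the tunnel route before a mobile client's packets can be routed over the BOVPN. The pool 192.168.113.0/24 and the LAN subnets are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the thread).
SSLVPN_POOL = "192.168.113.0/24"   # virtual IP pool handed to SSLVPN clients
HQ_LAN = "10.0.1.0/24"             # LAN behind the HQ Firebox
BRANCH_LAN = "10.0.2.0/24"         # LAN behind the branch office Firebox

# A BOVPN tunnel route is a (local subnet, remote subnet) pair. Only a packet whose
# source lies in the local subnet AND whose destination lies in the remote subnet
# is sent through the tunnel; everything else follows the normal routing table.
ROUTES_BEFORE = [(HQ_LAN, BRANCH_LAN)]
ROUTES_AFTER = ROUTES_BEFORE + [(SSLVPN_POOL, BRANCH_LAN)]


def matching_route(routes, src, dst):
    """Return the first tunnel route that carries a packet src -> dst, or None."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for local, remote in routes:
        if src_ip in ip_network(local) and dst_ip in ip_network(remote):
            return (local, remote)
    return None


def reachable_over_bovpn(routes, client_ip, target_ip):
    """True only if both the request and the reply are covered by the tunnel.

    The reply is evaluated with the pair mirrored, which is what the branch
    firewall sees once its tunnel route is configured as the mirror image.
    """
    forward = matching_route(routes, client_ip, target_ip)
    mirrored = [(remote, local) for local, remote in routes]
    reverse = matching_route(mirrored, target_ip, client_ip)
    return forward is not None and reverse is not None


def report(routes, client_ip, targets):
    """Map each target address to whether an SSLVPN client can reach it via BOVPN."""
    return {t: reachable_over_bovpn(routes, client_ip, t) for t in targets}


if __name__ == "__main__":
    client = "192.168.113.2"          # an address from the SSLVPN pool
    targets = ["10.0.2.10", "10.0.2.200"]
    print("before adding pool:", report(ROUTES_BEFORE, client, targets))
    print("after adding pool: ", report(ROUTES_AFTER, client, targets))
```

The branch-side Firebox needs the mirrored pair (branch LAN local, SSLVPN pool remote) as well, otherwise replies are dropped even though requests arrive.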
I have added the SSLVPN subnet to all the tunnel routes I need, but it still doesn't work.
Please explain where the subnets are that you cannot access with an SSLVPN session.
Do you have the "Routed VPN traffic" option selected and the "Force all client traffic through tunnel" check box selected in your SSLVPN setup on your firewall?
You should have both of these selected.
Debugging help:
- You can turn on Logging on the WG SSLVPN policy to see packets allowed by this policy in Traffic Monitor
- Do a traceroute from your SSLVPN client to the problem subnets and post the results. A traceroute will show the path that packets take
Yes, I am using routed VPN traffic and I tried all options (force/allow networks/specify resources), but none of them has worked.
These subnets are specified in the BO-Tunnels and all subnet routes are configured inside. These BO-Tunnels are added in the BOVPN-Allow policies and they work over the IPSec connection.