Devices Behind BOVPN Not Able To Be Accessed By Other BOVPN/SSL VPN Users

Hello all.

We have a M200 Box running v12.5.2 and we now have basically all users working remotely due to COVID-19.

Our main network (yes I know it isn't the best subnet range) is on 192.168.1.0/24 and we have 5 BOVPN Tunnels that are located at 192.168.4.0/24, 192.168.8.0/24, 192.168.12.0/24, 192.168.16.0/24 and 192.168.20.0/24.

I am currently behind the 20.x tunnel and I have a few devices that I would like to have people that are logged into the SSL VPN be able to access.

The SSL VPN Pool is at 192.168.113.0/24

No matter what I do, I cannot get any clients from the SSL VPN tunnel to be able to access anything behind any of the BOVPN Tunnels. I figure this is likely configuration related but I am not sure what to do.

Additionally, everyone can access the 192.168.1.0/24 network just fine. But even BOVPN Tunnel users cannot connect to devices behind other BOVPN Tunnels.

I did log into one of our servers on the 1.x network and I can get to anything that I want behind any BOVPN tunnel.

Just looking for some help on what I might be doing wrong here. Any help is appreciated.

Comments

  • With your main network on the 192.168.1.x range and many home users on that range, you may need to implement some NAT. WatchGuard has some existing education material on how to do this in the BOVPN scenario. The SSL-VPN scenario may be similar. Recommend opening a WG Support ticket.

  • At any site, the BOVPN Tunnel entries need to include all remote subnets that need to access that site and all subnets that need to access a remote site.
    And the Tunnel entries at each end need to reflect the Tunnel settings at the other end.
    On the 192.168.1.0/24 end, you need to add a Tunnel entry for the tunnel to the .20 firewall for Local = 192.168.113.0/24 Remote = 192.168.20.0/24
    Do the reverse at the 192.168.20.0/24 end.
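The comment above describes two conditions that are easy to get wrong across five tunnels: every subnet that must reach a site needs a tunnel route entry, and the entries at each end must be the mirror image of the other end. The following script is an added example, not WatchGuard's code or anything from the original post, that models tunnel routes as (Local, Remote) pairs and checks both conditions with the subnets from this thread. It assumes tunnel routes are bidirectional (the Fireware default) and the entry lists themselves are constructed for illustration.

```python
from ipaddress import ip_address, ip_network


def parse_entries(entries):
    """Turn [(local_str, remote_str), ...] into ipaddress network pairs."""
    return [(ip_network(local), ip_network(remote)) for local, remote in entries]


def unmirrored(end_a, end_b):
    """Entries at end A that have no reverse (Local/Remote swapped) entry at end B.

    An empty list means end B reflects every tunnel setting configured at end A.
    """
    reversed_b = {(remote, local) for local, remote in end_b}
    return [entry for entry in end_a if entry not in reversed_b]


def covers(entries, src, dst):
    """True if some tunnel route at this end carries src -> dst.

    Assumption for this example: tunnel routes are bidirectional, so an entry
    matches when (src in Local and dst in Remote) or the other way round.
    """
    s, d = ip_address(src), ip_address(dst)
    for local, remote in entries:
        if (s in local and d in remote) or (s in remote and d in local):
            return True
    return False


# Constructed example using the subnets named in the post.
# HQ is the 192.168.1.0/24 firewall; BRANCH is the 192.168.20.0/24 firewall.
HQ_BEFORE = parse_entries([("192.168.1.0/24", "192.168.20.0/24")])
BRANCH_BEFORE = parse_entries([("192.168.20.0/24", "192.168.1.0/24")])

# The entry the comment recommends: SSL VPN pool -> branch LAN at HQ, reversed at the branch.
SSLVPN_ROUTE = ("192.168.113.0/24", "192.168.20.0/24")
HQ_AFTER = HQ_BEFORE + parse_entries([SSLVPN_ROUTE])
BRANCH_AFTER = BRANCH_BEFORE + parse_entries([(SSLVPN_ROUTE[1], SSLVPN_ROUTE[0])])


def sslvpn_client_reaches_branch(hq_entries, branch_entries,
                                 client="192.168.113.5", target="192.168.20.10"):
    """Both ends must carry the path: HQ sends it into the tunnel, the branch accepts it."""
    return covers(hq_entries, client, target) and covers(branch_entries, client, target)


if __name__ == "__main__":
    print("before:", sslvpn_client_reaches_branch(HQ_BEFORE, BRANCH_BEFORE))
    print("HQ entry added, branch not yet mirrored:",
          sslvpn_client_reaches_branch(HQ_AFTER, BRANCH_BEFORE),
          "unmirrored at branch:", unmirrored(HQ_AFTER, BRANCH_BEFORE))
    print("after both ends:", sslvpn_client_reaches_branch(HQ_AFTER, BRANCH_AFTER),
          "unmirrored:", unmirrored(HQ_AFTER, BRANCH_AFTER))
```

Running it shows the failure mode from the original post: with only the LAN-to-LAN entries, an SSL VPN client has no tunnel route to the branch, and adding the entry at HQ alone still fails until the branch end carries the reversed pair. The same check extends to the other four tunnels by adding their entry lists.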

  • @BrianSteingraber I know that some users have had issues but I have had them change their range at home to something like 192.168.200.0/24 so that they can at least connect to the 1.x network. Do you have a reference point to that documentation? I didn't see it, or at least maybe I wasn't searching for the right thing.

  • edited April 1

    Here is an article on this:
    Allow Mobile VPN with SSL Users to use Resources Through a BOVPN Tunnel
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/manual_bovpn_via_sslvpn_c.html

  • @Bruce_Briggs I think that is what it is!

    I am working through this but I was able to get traffic from SSL VPN to my BOVPN.

    I have some older Cisco RV180 Routers that are being used and I am just working on setting up the proper routes on those, but this is off to a good start.

    Thanks!!
