routing through BOVPN

Hi. I have a large network of 9 M200 firewalls. I have configured tunnel switching so that all sites communicate with each other through BOVPN, as per the article http://customers.watchguard.com/articles/Article/Use-tunnel-switching-to-route-VPN-traffic-between-Branch-Office-VPN-tunnels
All sites have 0 for the external network and 1 for the trusted network.
All sites connect to primary site 1 as the gateway (only the primary site has a static IP from the ISP; all sites call the primary site).
I have 2 sites with optional interfaces that need to communicate from site 2 opt 2 to site 3 opt 2 through the established BOVPN with primary site 1.
How can this be done? I added static routes but it does not work. Do I have to do the same in the BOVPN tunnel routes? This is consuming lots of BOVPN licenses in the primary firewall.

Comments

  • edited September 2019

    Remove the added static routes.
    You need to define additional entries on your Tunnel setups to allow this access.

    I believe that this is what you need.
    Add an entry to site 2 with Local = site 2 optional subnet; Remote = site 3 optional subnet
    Add an entry to site 3 with Local = site 3 optional subnet; Remote = site 2 optional subnet
    Add an entry to site1 Tunnel to site 3, with Local = site 2 optional subnet; Remote = site 3 optional subnet
    Add an entry to site1 Tunnel to site 2, with Local = site 3 optional subnet; Remote = site 2 optional subnet
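
The four entries listed in the reply above, generated and checked in code. This is an added example, not part of the original thread and not WatchGuard tooling; the /24 masks and the names `tunnel_routes` and `unmirrored` are assumptions made for the illustration.

```python
from ipaddress import ip_network

def tunnel_routes(hub, pairs):
    """Return {(device, peer): [(local, remote), ...]} for spoke-to-spoke
    traffic switched through the hub, following the four entries above."""
    routes = {}
    for (site_a, net_a), (site_b, net_b) in pairs:
        a, b = ip_network(net_a), ip_network(net_b)
        if a.overlaps(b):
            raise ValueError(f"{a} and {b} overlap; routes would be ambiguous")
        # Spoke side: own optional subnet is Local, far spoke's is Remote.
        routes.setdefault((site_a, hub), []).append((a, b))
        routes.setdefault((site_b, hub), []).append((b, a))
        # Hub side: Local is the *other* spoke's subnet, on the tunnel
        # that faces the destination spoke.
        routes.setdefault((hub, site_b), []).append((a, b))
        routes.setdefault((hub, site_a), []).append((b, a))
    return routes

def unmirrored(routes):
    """List entries whose peer lacks the swapped (remote, local) entry.
    Both ends of an IPsec tunnel must agree on the pair to negotiate it."""
    problems = []
    for (dev, peer), entries in routes.items():
        peer_entries = routes.get((peer, dev), [])
        for local, remote in entries:
            if (remote, local) not in peer_entries:
                problems.append((dev, peer, str(local), str(remote)))
    return problems

if __name__ == "__main__":
    # Subnets from the thread; the /24 prefix length is assumed.
    plan = tunnel_routes("site1", [(("site2", "192.168.69.0/24"),
                                    ("site3", "192.168.70.0/24"))])
    for (dev, peer), entries in sorted(plan.items()):
        for local, remote in entries:
            print(f"{dev} -> {peer}: Local={local} Remote={remote}")
    print("unmirrored entries:", unmirrored(plan))
```

Each tunnel carries only the named subnet pair, so the optional networks are reachable through the hub without opening the trusted networks to each other.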

  • Hi Bruce,
    You got the point. I understood what you said and I modified the configs accordingly.
    Unfortunately, the new tunnels are inactive in the front panel system manager.
    Check the 3 JPEGs of the VPN tunnels for site 1, site 2 and site 3.
    site 2 optional int is 192.168.69.0
    site 3 optional int is 192.168.70.0
    site 1 connects site 2 and 3 as you said.
    https://ibb.co/Prr4dZP
    https://ibb.co/5GNSWv9
    https://ibb.co/k9yZtNW

  • I recommend that you open a support incident so that a WG rep can review your setups.

  • Hi Bruce,
    The above solution worked fine.
    Thank you.
