BOVPN VIF to Azure caused other normal BOVPN to lose connectivity.

Hi Sir,

Recently we have set up a BOVPN VIF (Virtual Interface) that connects to Azure.
The BOVPN VIF established the VPN to Azure successfully and we can access Azure successfully.

However, at the same time our normal BOVPN connection is lost.
The ping returned timed out and we can't access services on the normal BOVPN.
While debugging the normal BOVPN Gateway, the result returns something similar to the below:

Established.
Incoming traffic not detected.
Outgoing traffic detected.

Once we "disabled" the Azure BOVPN VIF, the normal BOVPN resumed its connectivity. We can ping and access without any issue.

As a conclusion of the issue,
once the Azure BOVPN VIF is established, our normal BOVPN loses connectivity.
Once we "disabled" the Azure BOVPN VIF, the normal BOVPN resumed its connectivity immediately.

Please advise.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @MYIT
    Check your ISP equipment to see if there are any options on it like "ESP ALG" or "IPSec Accelerator." If these options are on, they often rewrite the SPI in your IPSec traffic to some arbitrary value, which prevents the Firebox from knowing what tunnel is which.

    Aside from checking that, I'd suggest opening a support case -- our team can help look at your firewall and determine why this is happening.

    -James Carson
    WatchGuard Customer Support

  • It sounds a bit confusing that you have a Virtual interface (VIF) and a 'normal' BOVPN (presumably policy based)?
    Or are we talking about tunnels to two different places?

    For Azure, stick to the VIF (route-based VPN) as that is the recommended method.
    (Also make sure the MTU is 1400 or less).

    Otherwise what james.carson says applies in any case.
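
A way to check a capture for the SPI rewriting described in james.carson's reply, as an added example that is not part of the thread and not WatchGuard code: it reads the SPI from each inbound ESP packet and reports any that match no negotiated inbound SA. The SA table, IP addresses, SPIs and tunnel names are constructed, and only native ESP (IP protocol 50, not UDP-encapsulated) is handled.

```python
import struct

ESP_PROTO = 50  # IP protocol number for ESP (RFC 4303)

def esp_spi(ip_packet: bytes):
    """Return (src_ip, spi, seq) for an IPv4 ESP packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ip_packet[9] != ESP_PROTO or len(ip_packet) < ihl + 8:
        return None
    src = ".".join(str(b) for b in ip_packet[12:16])
    spi, seq = struct.unpack("!II", ip_packet[ihl:ihl + 8])
    return src, spi, seq

def unmatched_spis(packets, inbound_sas):
    """inbound_sas maps SPI -> tunnel name; return packets whose SPI has no SA."""
    misses = []
    for pkt in packets:
        parsed = esp_spi(pkt)
        if parsed is None:
            continue                          # not ESP, nothing to check
        src, spi, seq = parsed
        if spi not in inbound_sas:
            misses.append((src, f"0x{spi:08x}", seq))
    return misses

def build_esp(src, dst, spi, seq):
    """Constructed packet: minimal IPv4 header, ESP SPI/sequence, dummy payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0, 0, 64, ESP_PROTO, 0,
                      bytes(map(int, src.split("."))),
                      bytes(map(int, dst.split("."))))
    return hdr + struct.pack("!II", spi, seq) + b"\x00" * 16

# Constructed inbound SAs, as the firewall would list them after negotiation.
SAS = {0xA2B3C4D5: "azure-vif", 0xC0FFEE01: "branch-bovpn"}

# Constructed capture: the Azure packet arrives intact, the branch packet
# arrives with its SPI replaced by a device on the path.
SAMPLE = [
    build_esp("203.0.113.20", "192.0.2.1", 0xA2B3C4D5, 1),
    build_esp("198.51.100.10", "192.0.2.1", 0x00000457, 7),
]

if __name__ == "__main__":
    for src, spi, seq in unmatched_spis(SAMPLE, SAS):
        print(f"ESP from {src} seq={seq} has SPI {spi}: no matching inbound SA")
```

A tunnel that shows as established with outgoing but no incoming traffic, while ESP packets from that peer appear in the capture with unknown SPIs, is consistent with the rewriting the reply describes.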
