Cannot send traffic through BOVPN VIF

Hello,
I am probably missing something obvious here, but I cannot send traffic via SD-WAN through two VIFs on two Fireboxes. Side A has virtual IP 10.1.1.1 and Side 2 has virtual IP 10.2.2.2. From the Side A Firebox I can ping 10.2.2.2, but from the trusted network I cannot, even though I can see the ping in Traffic Monitor on Side B. SD-WAN traffic is also lost. Where is my mistake?
Many thanks

Comments

  • Figured out that the VPN route should point to the Side B internal network and the virtual IP has nothing to do with it :)

  • @Leonid said:
    Figured out that the VPN route should point to the Side B internal network and the virtual IP has nothing to do with it :)

    If I remember correctly, a virtual IP is necessary if you need GRE enabled in the tunnel.

  • @Robert_Vilhelmsen said:

    @Leonid said:
    Figured out that the VPN route should point to the Side B internal network and the virtual IP has nothing to do with it :)

    If I remember correctly, a virtual IP is necessary if you need GRE enabled in the tunnel.

    I've been doing some tests for a similar setup here and Robert_Vilhelmsen is correct that you need a virtual (interface) IP address on the VIF to have traffic routed both ways correctly across a VIF.

    In my case, between the Fireboxes I just used an APIPA address (169.254.x.x) that is unique within this setup, but I have seen RFC1918 private addresses being used (a /30 or /31 will do), and one third-party vendor I deal with uses a CGNAT address (due to their complicated setup).
    This applies both for Firebox to Firebox (GRE) and if using the 'third party' selection (where a subnet mask is put in instead).
