SSL-VPN - CONFIGURATION PUBLIC IP PROBLEM

Hello
I have a WatchGuard XTM 25-W and I have configured the Mobile-VPN SSL
but i can't connect.
I have followed the instructions in the manual but I cannot connect outside the office, it only connects while being on the same network and setting the internal IP of the WatchGuard XTM 25-W.
my configuration is as follows:
External: eth1 192.168.2.1 GW, ip 192.168.2.10
Internal: eth2 192.168.1.1 GW
Mode: Mixed routing
The public ip = 190.187.33.178
Does NAT or additional routing have to be done for it to work?

Comments

  • You seem to have some sort of ISP? device in front of your firewall since your firewall external IP addr is a private one - not a public one.
    What is it. brand/model
    Can it be put into bridge mode?
    If not, then you will need to set up port forwarding for TCP port 443 and forward it to your firewall external interface IP addr.

  • Hi, thanks for the help:
    The ISP placed their Cisco equipment and I connect it to my Watchguard, I do not have the keys of those equipment of the provider.

    Also I get this message when I put the public IP in the SSL VPN configuration:

    "The primary or backup IP address does not match an external IP address in the network configuration."

    In the manual alia that I should put the public IP of my ISP but no idea why that message comes out ..

  • edited April 2020

    You need to contact your ISP and ask them to forward TCP port 443 to 192.168.2.1
    You need to enter the public IP addr in your SSLVPN setup in the Primary field and ignore any errors related to that IP addr not being in your config.

  • Thank you
    I will be communicating with my ISP to see that configuration

  • If you are the only the only one behind the ISP router (e.g., you are not one of many in a shared office), then you should ask that they either put into bridge mode (best) or put the WAN IP of your firewall into their device's DMZ so that ALL ports get forwarded to your firewall. That way, if you ever need to access anything other than SSLVPN, it is reachable.

    BTW, "Eth1" is the second interface port and is by default the Trusted interface. "Eth0" is the default External interface. Interface numbering starts with zero.

    Gregg Hill

Sign In to comment.