Can't access backup master from IKEv2 VPN client

Dear community,

I have two M370 in a cluster and IKEv2 mobile VPN for remote clients.

When connected via VPN, I am unable to ping the management IP of the Firebox that is the backup master, and I also cannot open the management web page on port 8080 in a browser. For the master Firebox, both of these work. When connected to the internal LAN, I am able to access both boxes. There are no firewall rules blocking outgoing traffic (default policy Allow IKEv2-Users).

I think it might be a routing problem, but I am somewhat stuck. Here are some details:

192.168.160.1/16 => Trusted-LAN IP assigned to both Fireboxes in the cluster
192.168.160.3/16 => Management IP Firebox 1
192.168.160.4/16 => Management IP Firebox 2
192.168.169.0/24 => Address pool for IKEv2 users

Simon

Best Answers

  • Accepted Answer

    Hi @James_Carson

    I am talking about the IPs in the management network.

    You are right, there aren't many reasons to access the backup master. I just think that before upgrading to 12.5.3 this scenario was working and I am wondering why it is not working anymore.

    Regards,
    Simon

Answers

  • James_Carson Moderator, WatchGuard Representative

    Hi @Simon_B

    Except in the management network (as defined in Firecluster -> Configuration) only the master will be accessible, as the two devices share an IP address on other networks.

    In most scenarios, you'll only need to access the master. Any commands for the backup master can be relayed from it, like upgrade and fail-over commands. What specifically do you need to connect to the backup master for?

    -James Carson
    WatchGuard Customer Support
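To separate "the shared IP always lands on the master" from "a management IP is not routable from the VPN pool", it helps to probe each address the same way from the VPN client and then from the internal LAN and compare. The script below is an added example, not code from the original thread or from WatchGuard: it takes the addresses and the port 8080 web UI from Simon's post, uses Linux `ping` flags (`-c 1 -W <seconds>`; adjust on other platforms), and lets the ICMP and TCP probes be swapped out so the interpretation logic can be exercised without a network.

```python
"""Probe a FireCluster's addresses from a client and report which ones answer.

Added diagnostic example; the IP addresses and port come from the forum post,
the ping flags assume Linux.
"""
import socket
import subprocess
from dataclasses import dataclass

# Addresses as listed in the original post.
SHARED_TRUSTED_IP = "192.168.160.1"           # shared by both cluster members
MGMT_IPS = {                                  # per-device management IPs
    "Firebox 1": "192.168.160.3",
    "Firebox 2": "192.168.160.4",
}
WEB_UI_PORT = 8080                            # management web page port from the post


@dataclass
class ProbeResult:
    name: str
    ip: str
    icmp: bool
    web_ui: bool


def tcp_open(ip: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def icmp_reachable(ip: str, timeout: int = 2) -> bool:
    """True if one ICMP echo is answered (Linux ping flags assumed)."""
    try:
        proc = subprocess.run(
            ["ping", "-c", "1", "-W", str(timeout), ip],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        )
    except FileNotFoundError:          # no ping binary on this host
        return False
    return proc.returncode == 0


def probe_cluster(icmp=icmp_reachable, tcp=tcp_open) -> list[ProbeResult]:
    """Probe the shared IP and each management IP; probes are injectable for testing."""
    targets = {"shared trusted IP": SHARED_TRUSTED_IP, **MGMT_IPS}
    return [
        ProbeResult(name, ip, icmp(ip), tcp(ip, WEB_UI_PORT))
        for name, ip in targets.items()
    ]


def summarize(results: list[ProbeResult]) -> list[str]:
    """One line per target. A target with neither ICMP nor the web UI is the case
    worth comparing against the same probe run from the internal LAN."""
    lines = []
    for r in results:
        if r.icmp and r.web_ui:
            state = "reachable (ICMP and web UI)"
        elif r.icmp:
            state = "ICMP ok, web UI port closed or filtered"
        elif r.web_ui:
            state = "web UI ok, ICMP blocked"
        else:
            state = "unreachable (no ICMP, no web UI); compare from the internal LAN"
        lines.append(f"{r.name:<18} {r.ip:<16} {state}")
    return lines


if __name__ == "__main__":
    for line in summarize(probe_cluster()):
        print(line)
```

Run it once from the IKEv2 client and once from a host on the trusted LAN; a management IP that is reachable from the LAN but silent from the VPN pool is the routing symptom the post describes, whereas the shared trusted IP is expected to answer from the master in both runs.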
