No internet connection after VPN connection with AT&T client
Hi,
We've got a strange problem. A customer is using a separate port on the WatchGuard to connect to his VPN. If we use this port, which should only be able to use the internet and not the local network, with any other computer, the internet works fine and we can also establish a VPN connection to another WatchGuard (Mobile VPN with SSL).
The customer laptop is also getting an IP address from that WatchGuard, but if the VPN connection is established via the AT&T client to his network, the connection works only for a short time. After that, the internet connection is lost and no other computer can establish an internet connection until I deactivate and reactivate the interface.
Model: M200
Version: 12.0.B540035
Are there any known issues?
Thanks for your help.
Regards,
Marko
Comments
Your XTM version is almost 3 years old.
There have been many fixes since your version.
Anything obvious in Traffic Monitor when this happens?
Does this AT&T client use IPSec?
If so, have you selected the "Add a policy to enable outbound IPSec pass-through" check box in VPN Options?
Thx for your reply. Firmware update is scheduled for Sunday. The VPN connection isn't provided by the WG; it is provided by the customer itself, and the laptop should use only our internet for this connection.
The firmware is now the latest version (12.5.4.B622768) and your IPSec hint is activated, but the issue persists. Any other hints?
Please explain more about the firewall port to which the AT&T user is connected. What type is this set to: Trusted, Optional or Custom?
Custom would be the best option. That should prevent any access to anything else on your LAN.
You would need to add 1 or more policies for this port to allow access to the Internet.
Configure a Custom Interface
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/interface_custom_c.html
And it should have DHCP set up on that interface and probably have an external DNS server IP addr added.
"After that, the internet connection is lost and no other computer can establish an internet connection, until I deactivate and reactivate the Interface."
No idea what could cause this. Nothing to help understand this in Traffic Monitor?
If this persists, you should open a support incident to get WG help.
As for the VPN client issue - without knowing what VPN protocol the AT&T client is using, no ideas.
You could add an Any packet filter From: the IP addr that the VPN client gets, and enable Logging on the policy.
Then you could see the packet types coming from the VPN client, which should indicate the protocol being used.
You can open a support incident on this, or have the user open a support incident with AT&T to help in troubleshooting.
Hi, sorry for my late reply. Network is trusted and not custom. Policies are applied to all configured trusted networks. DHCP server is activated and 2 external DNS servers are configured (Telekom and Google). If the connection is lost, only DHCP requests are visible within the logs. I will open a service request and keep you up to date.
BR
Use of type Trusted for this interface may be the cause of some of your issues.
Hi Bruce. Thanks for your help. WG has initiated an RMA. Now the problem is solved. Unfortunately, I don't know why this depends on the hardware, but the problem is solved. But thanks for your help!
BR