Options

VPN Branch Office not passing data.

jshoresjshores
in Firebox - VPN Branch Office

Having a problem passing data through a tunnel and the tunnel itself is up, any ideas?

Answers

  • Options
    Bruce_BriggsBruce_Briggs

    I have many ideas.
    How about some details?
    What is at each end?
    What XTM version are you running?
    Anything in Traffic Monitor to help?
    What are the source & dest subnets involved?
    What do you see from a tracert to an IP addr at the other end?
    Does the other end have any logs to help?

  • Options
    jshoresjshores

    The firewall is XTM26 12.0 version on the source side and a XTM330 on the dest. side. Traffic monitor shows no traffic. source is 10.7.0.0 and dest. is 10.1.0.0 I did not run a trace route, but when I ping the other side I get a timeout failure.

  • Options
    Bruce_BriggsBruce_Briggs

    What are the subnet masks used for the source & dest subnets? /24 ?

    A tracert shows the path that packets take and can help resolve routing issues.

    "Traffic monitor shows no traffic" - have you turned on Logging on the policies which allow traffic over the BOVPN? If not, do so, at least for problem resolution.

  • Options
    jshoresjshores
    edited September 2020

    This is the VPN Diags with the logging turned on.

    ---Redacted by moderators due to IP address and Phase1/2 proposals in text -- -- JC

  • Options
    Bruce_BriggsBruce_Briggs

    Are there packets attempting to go across the BOVPN other than a test ping or tracert?

    You need logging enabled on each end to see where the issue lies.

    My best guess is that the issue is at the XTM330 end given the diagnostic info provided.

  • Options
    jshoresjshores

    Thanks for your help, I put in the helper IP's and everything worked fine.

  • Options
    jshoresjshores

    It seems to vary between the versions of firmware on the devices, 12.5 and above make you put in the helper ip's on the tunnel, but older version do not make you install helper addresses.

  • Options
    Bruce_BriggsBruce_Briggs

    Is this related to broadcast packet routing over a BOVPN?

  • Options
    jshoresjshores

    yes, everything is fixed now. Thanks!

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @jshores
    I redacted the log portion of your post due to the IP addresses and Phase1/2 proposals being in the post.

    In the future, for your protection, please ensure that you're obfuscating any personal information in your posted logs.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.