Operational Defect Database

BugZero found this defect 1444 days ago.

WatchGuard Technologies | kA10H000000bogISAQ

MUVPN established connection from behind NAT appliances; Source port changes crash IKE process on HUB during negotiation

Last update date:

6/5/2020

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

12.x

12.0.x

12.1.x

12.1

12.1.1

12.1.3

12.10.x

12.2.x

12.3.x

12.4.x

Fixed releases:

v12.6.2/v12.5.5

Description:

Issue

This issue affects Mobile VPN (MUVPN) clients that are located behind a router or firewall performing NAT. When the MUVPN client establishes a connection to the Firebox, the NAT appliance assigns a source port for the allowed session. If the session on the NAT appliance changes the source port, the MUVPN client negotiates a new VPN connection. The Firebox establishes the new connection, but when it attempts to delete the old SA for that MUVPN client, the IKE process crashes.

Workaround/Solution

Reboot the Firebox.

Status

Resolved
