Operational Defect Database

BugZero found this defect 3247 days ago.

WatchGuard Technologies | kA10H000000g3FbSAI

Mobile VPN with IPSec Passthrough fails when the Gateway Firebox connects to a host Firebox with BOVPN

Last update date:

6/29/2015

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

11.x

11.10.x

11.10

11.10.1

11.10.2

11.10.3

11.10.4

11.10.5

11.10.6

11.10.7

Fixed releases:

All

Description:

Issue

When your gateway Firebox has a branch office VPN tunnel to a remote Firebox, you cannot connect to the same remote Firebox with Mobile VPN with IPSec.

Workaround/Solution

There are two available workarounds:

1. If your gateway Firebox has a secondary IP address configured on the external interface, you can configure a Dynamic NAT entry for traffic from the internal network to the remote Firebox IP address that specifies the secondary IP address as the source IP address. For more information on Dynamic NAT configuration, see Add Network Dynamic NAT Rules.

2. This issue does not occur if the branch office VPN tunnel is configured to use Aggressive mode.

Status

Resolved
