Operational Defect Database

BugZero found this defect 501 days ago.

WatchGuard Technologies | kA16S000000Bc4TSAS

BoVPN initiated from the wrong external IP address when interface is DHCP and has static secondary addresses

Last update date:

1/5/2023

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

12.x

12.9.x

Fixed releases:

v12.9.3

Description:

Issue

If you configure the BOVPN gateway to use the primary external IP address of an external interface set to DHCP, the iked process unexpectedly uses the first configured secondary IP address of that interface when initiating the VPN connection. The VPN connection fails with the reason "No response for IKE_SA_INIT request message." or "Message retry timeout."

Workaround/Solution

Reconfigure the BOVPN gateway to terminate using the statically assigned secondary IP addresses.

Status

Resolved
