
Secondary Networks - Fireware 10.1 - Peak 5000

Status
Not open for further replies.

TeckDave

Technical User
Oct 18, 2007
Hello,

I am rebuilding our current X5000 firewalls (HA) with Fireware v10.1, and have run into a number of issues. This one is specifically troubling me, however. I have opened incident cases in the past with WatchGuard; however, my last experience with their tech support was a complete waste of time, so I thought I'd try the forums!

Problem:

I have an external range with a /27 notation, giving me 30 usable host addresses for this network. I have my primary external set to x.x.x.194 (based on an x.x.x.192 network, with the provider gateway set to x.x.x.193). I run 50 or so VPN tunnels through the Firebox.
When I try to configure a tunnel to use a gateway within the address range above (for instance x.x.x.200) as its remote gateway identifier, I can establish the tunnel, and ping the corporate network from the X10e. When I try to ping the X10e from the corporate network, I get 'Destination Net Unreachable'. On my traffic monitor, the deny message indicator is 'Cannot create IPSEC tunnel.'
When I change the default gateway on the X10e to use the primary external of the X5000, the tunnel is created, and I can ping in both directions.
Can anyone tell me why this does not work using a secondary network address as a remote gateway for the X10e?

X10e Firmware = 10.2.1
X5000 Firmware = 10.1

This worked under firmware 8.3

Thanks in advance!

CNXTA
 