VPN across Watchgaurd network

[maclmu]

Hello,

i got a problem with my Watchguard VPN network. I am using these devices (old ones i know, but that's what i got):

Firebox III 6.0 -> 128.1/16
Soho 5 -> 128.30/16

There is a VPN connection between these two locations and it is working fine.

Now i have to install VPN tunnel to a customer using a CheckPoint.

I have set up a VPN connection at the Firebox III and i have a routing policy 128.1/16 -> 10.10/16. This connection is operational.

My problem is, that the people from the Soho location must be able to use this client connection. So i have added the 10.10/16 network to the remote IPSec networks in the Soho.

I don't why, but i don't get the traffic being sent across the VPN network to the client site. My tracert will fail at the Soho. I am not sure if it reaches the Firebox at all. At least the traffic is not routed to the internet directly. In the Soho configuration is an appropriate IPSec route.

All documents at Watchguard only described a direct point to point VPN but not the rouing through the VPN.

Can anyone help me on this?

 

[jmkelly]

If I understand you right, you're trying to make a "V" with one device in the middle passing traffic between VPN tunnels connected to the other two, like this:

Box1 <==> Box2 <==> Box3

I'm struggling with something similar myself and haven't succeeded yet, but I can tell you three things WG support has told me:

(1) Check out this page on WG tunnel-switching:

https://www.watchguard.com/help/doc..._bovpn_tunnel_switching_wsm.html|SkinName=WSM

(en-US)

(2) Each end box has to have a route all the way to the middle box's trusted LAN port/network. Conceptually, the traffic goes all the way to that port and bounces back into the destination tunnel.

(3) The configured routes and the WG's internal working routing table can get out of sync. You may need to reboot it to fix this.

Good luck!