• Status: Solved

Watchguard Additional Network cannot reach VPN networks

I have a Watchguard X700 set up to use 172.16.0.0/24 on the trusted interface. I have several VPN tunnels set up to remote networks on the Watchguard, e.g. 192.168.1.0/24. I have the ANY to ANY rule for these 2 networks and everything works fine. On the Watchguard I added an additional network of 172.16.1.0/24. The Watchguard acts as the default gateway for this network as 172.16.1.1. If I have a client on this network he can access the 172.16.0.0 network fine but not the remote VPN network of 192.168.1.0/24. I assumed I need to add a route on the Watchguard and did this with no success. Has anyone done this before?

Thanks,
bminetwork2277
1 Solution
 
chawcheskew Commented:
You probably need to add routing on the remote network... What is the Watchguard connecting to at the other end of the VPN? Likely whatever device is at the other end needs routing set up to point back to the firebox connected to 172.16.1.0. Also, sounds like you have a good grip on subnetting and whatnot. But do be sure that none of the routes or networks on the other devices overlap the network 172.16.1.

regards,
c
 
bminetwork2277 (Author) Commented:
The VPN endpoint in this case is a Watchguard SOHO 6. It is set up to send traffic to 172.16.0.0/24 only. I figured I would add the route on one side and see if I can get a ping through. I will add it on the remote VPN device as well and test it.
 
chawcheskew Commented:
Excellent. The routing will definitely be required for the ping response to be returned to you.
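The point made in the comments above, as an added example that is not part of the original thread: a Python model (not WatchGuard configuration) of each firewall's tunnel routes as local/remote subnet pairs, checking that both the request and the reply are covered and that the new subnet overlaps nothing. The host addresses and all function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

NEW_NET = "172.16.1.0/24"      # additional network from the question
REMOTE_NET = "192.168.1.0/24"  # network behind the SOHO 6

# Tunnel routes as (local subnet, remote subnet) pairs, as described in the thread.
x700_routes = [("172.16.0.0/24", REMOTE_NET)]
soho6_routes = [(REMOTE_NET, "172.16.0.0/24")]

def covered(routes, src, dst):
    """True if one (local, remote) pair contains both src and dst."""
    return any(ip_address(src) in ip_network(local) and
               ip_address(dst) in ip_network(remote)
               for local, remote in routes)

def round_trip_gaps(near, far, src, dst):
    """List the legs of src -> dst -> src that no tunnel route covers."""
    gaps = []
    if not covered(near, src, dst):
        gaps.append("near end: no tunnel route for request")
    if not covered(far, dst, src):
        gaps.append("far end: no tunnel route for reply")
    return gaps

def overlapping(new_net, existing):
    """Existing subnets that overlap new_net (the answer's last caveat)."""
    return [n for n in existing if ip_network(new_net).overlaps(ip_network(n))]

CLIENT, SERVER = "172.16.1.10", "192.168.1.10"  # constructed host addresses

if __name__ == "__main__":
    print("as posted:    ", round_trip_gaps(x700_routes, soho6_routes, CLIENT, SERVER))
    # Route added on the X700 only: the request is covered, the reply is not.
    x700_fixed = x700_routes + [(NEW_NET, REMOTE_NET)]
    print("X700 only:    ", round_trip_gaps(x700_fixed, soho6_routes, CLIENT, SERVER))
    # Mirror route added on the SOHO 6: both legs are covered.
    soho6_fixed = soho6_routes + [(REMOTE_NET, NEW_NET)]
    print("both ends:    ", round_trip_gaps(x700_fixed, soho6_fixed, CLIENT, SERVER))
    print("overlap check:", overlapping(NEW_NET, ["172.16.0.0/24", REMOTE_NET]))
```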
