[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1954
  • Last Modified:

Cannot connect with vpn client

Hi Guys,
I am trying to create a vpn connection to my watchguard X20.
I have created a user. And it's settings are good.
When I try to connect here is the error message :
IKE Phase 1 error

The  wathguard is connected to a router

Here is my X20 config :

Trusted Network
IP Address
Subnet Mask
DHCP Server  Disabled
First IP
MAC  00:90:7F:1F:1F:8C
External Network
Mode  Manual  
IP Address
Subnet Mask
MAC  00:90:7F:1F:1F:8B

1 Solution
The biggest issue you have with this is that you do not have a public IP address on the external of your Watchguard.  You need to have a public IP address on the external of your firewall in order for this to work properly and without headaches.  
You probably have a DSL router or something in front of the firewall that is holding the Public IP address and the DSL Router is set for DHCP mode which is where you are getting your Private IP address for the external of the firewall.  A lot of times ISP's will allow you to pass this through to your firewall, either in bridge mode or some other form (ISP's vary this throughout the globe).

If you get this part straightened out you will find the VPN a lot more useful.

zdingelitAuthor Commented:
Thanks for your Answer.
Finally, I have found that the router is making NAT also. on the router there is 2 wan
I am going to remove the router and upgrade the wathcguard to support 2 wan.


Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now