Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 933
  • Last Modified:

Watchguard Firebox X750e Fireware 10.2 3 returns Broadcast Address (255.255.255.255) as Private Address rather than an address in the MUVPN IPSEC Address pool

Hello,

I am faced with a very strange problem...

Watchguard Firebox X750e Fireware 10.2 3 returns Broadcast Address (255.255.255.255) as Private Address rather than an address in the MUVPN IPSEC Address pool.

We are using the MUVPN Client 7.3 as we have upgraded from a Firebox III 700 to the Firebox X750e w/ Fireware.

I am able to authenticate and receive a successful connection message, but it's not successful.

The Received Private IP Address is 255.255.255.255 rather than one of the IP Addresses in the MUVPN IPSEC IP Address Pool.

Any suggestions? I'm still waiting to hear back from Watchguard on this... We compared settings with our other sites and all seems to be configured correctly (unless we are missing something).
0
vichydroit
Asked:
vichydroit
  • 5
  • 2
1 Solution
 
CPtechCommented:
Can you run an ipconfig on the MUVPN client and post the results for the tunnel?
0
 
vichydroitAuthor Commented:
The tunnel doesn't seem to get established.

I get a connected message (because the safenet virtual adapter interface connected -- but got an invalid ip address to utilize) but it's followed by "Unable to connecto to My Connections\x.x.x.x-a.a.a.a Please check log for further details."

The details are that the Private IP Address beign assigned to the MUVPN client is 255.255.255.255

Hence, when running ipconfig after a connection attempt the ip address for the Safenet virtual adapter is as follows:

PPP adapter SafeNet Virtual Adapter Interface:
Connection-specific DNS Suffix :
IP Address: 255.255.255.255
Subnet Mask: 255.255.255.255
Default Gateway:

Any clues?
0
 
vichydroitAuthor Commented:
Any Clues as to what would cause the WG to assign a broadcast address to the client? Has anyone seen this before?
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
CPtechCommented:
Have you double checked the scope of you MUVPN IP addresses to verify they are correct?  Were the IP addresses you are assiging the mobile VPN users on the subnet they are trying to connect to or are they assigned to an optional interface?  Just trying to get a little more info to better help you resolve the issue.
0
 
vichydroitAuthor Commented:
The MUVPN IP Addresses are in the same subnet as the Trusted interface.

The MUVPN IP pool range is excluded from AD's DHCP and is not "double-booked"
0
 
vichydroitAuthor Commented:
I had to change settings on our radius server to "Server settings determine IP Address assignment"
and restart radius through it's mmc

We previously had used "Client may request an IP address" without any problems...
0
 
vichydroitAuthor Commented:

edit remote access policy --> Edit Profile --> IP Tab --> use "Server settings determine IP Address assignment"
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now