Watchguard XTM330 firewall BOVPN problem
I've been having some problems with my office BOVPN lately, randomly the bridge between our two offices breaks. We have two identical XTM330 firewalls on both locations and both have the same configuration, done using this guide:
http://www.watchguard.com/help/docs/webui/11/en-us/content/en-us/bovpn/manual/manual_bovpn_fireware-xtm_fireware-xtm_web.html
But sometimes randomly the tunel stops working and we can't access the other office's network. Usually resetting the firewalls temporaly fixes the issue.
I got the following debug messages off both firewalls logs:
Does anyone know what could be causing this?
http://www.watchguard.com/help/docs/webui/11/en-us/content/en-us/bovpn/manual/manual_bovpn_fireware-xtm_fireware-xtm_web.html
But sometimes randomly the tunel stops working and we can't access the other office's network. Usually resetting the firewalls temporaly fixes the issue.
I got the following debug messages off both firewalls logs:
Office A firewall
Process=iked msg=(officeAExternalIP<->officeBExte rnalIP)MWA N-Failback notify ikePcy=0x1078b638(officeBT unel), p1said=0xc645b540 UP
Process=iked msg=(officeAExternalIP<->officeBExte rnalIP)MWA N-Failback failed to find the ikePcyGrp by ikePcy - name=officeBTunel
Office B firewall
Process=iked msg=(officeBExternalIP<->officeAExte rnalIP)MWA N-Failback notify ikePcy=0x1078b638(officeAT unel), p1said=0xc645b540 UP
Process=iked msg=(officeBExternalIP<->officeAExte rnalIP)MWA N-Failback failed to find the ikePcyGrp by ikePcy - name=officeATunel
Does anyone know what could be causing this?
Last Comment
ASKER
I checked and right now the firewalls are using dead peer detection, before we were using only IKE keep-alive but the problem started happening so following the recommendation of the guide on that link I changed IKE keep-alive for Dead peer detection.
But the problem it's still there. I checked the Internet connections and no user has reported any problem with the internet.
Thanks for your reply
But the problem it's still there. I checked the Internet connections and no user has reported any problem with the internet.
Thanks for your reply
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
In Office A there is a multi WAN configured, and no, when it has happened the connection to the internet was fine.
Are there any more logs which might explain the issue.
Its tough to say what is exactly happening with limited information.
Its tough to say what is exactly happening with limited information.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Networking Hardware-Other
Networking hardware includes the physical devices facilitating the use of a computer network. Typically, networking hardware includes gateways, routers, network bridges, modems, wireless access points, networking cables, line drivers, switches, hubs, and repeaters. But it also includes hybrid network devices such as multilayer switches, protocol converters, bridge routers, proxy servers, firewalls, network address translators, multiplexers, network interface controllers, wireless network interface controllers, ISDN terminal adapters and other related hardware.
28K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Can you make sure that the internet indeed remains up all the time.
Also, please make sure that you have configured IKE keep-alive...though not directly relevant here but can help.
As per link you posted:
Select NAT Traversal, IKE Keep-alive, or Dead Peer Detection (RFC3706). Make sure you select the same values you chose in the BOVPN Tunnel Settings.
Please check and update.
Thank you.