Solved

BOVPN Local Gateway IP address ?

Posted on 2013-11-22
2
534 Views
Last Modified: 2013-11-23
Greetings All,

This is a question regarding a WatchGuard Branch Office VPN connection for a x750e.

I basically just want some one to comfirm that the Local Gateway address entered in the Gateway Endpoints setup can only be the primary IP address of the external interface ?

I'm actually trying to use a secondary IP address on the external interface, but when I do a diagnostic vpn "/ike/policy/info gatewayname" on the WatchGuard CLI the ConnectP1/localIP is the primary address of the Firewall instead of the secondary IP address I actually configured on the Local Gateway.
0
Comment
Question by:GYeoh
2 Comments
 
LVL 6

Accepted Solution

by:
Jon Snyderman earned 200 total points
ID: 39671707
It must be the physical IP of the box.  It has to do with the authentication and source IP in phase 1.   If it is that important to move the BO to the secondary, you could switch and make the second IP your physical and the current IP and secondary.    But be careful with outbound email.   You may need to setup a 1-to-1 NAT to make sure that the mail gets delivered from the right source IP since this would usually be the primary IP of the box.

~Jon
0
 

Author Closing Comment

by:GYeoh
ID: 39671939
Thanks Jon, I think I will just stick with the primary IP address then.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question