Site to site VPN timeout

I am currently experiencing an annoying VPN issue

I have a WatchGuard M300 cluster based in datacentre 2 which has an existing site to site VPN to datacentre 1

The same customer has a satellite office with a Watchguard xtm33 that has a site to site VPN to datacentre 1.  The satellite office is double NAT'ing, with an external IP in a 1 to 1 NAT direct through to a private IP range that is the external interface on this Watchguard.

datacentre 1 will be turned off soon so I need to connect the satellite office to datacentre 2, however when I set it up I get a timeout error on the Datacentre 2 side (it's like it cannot even see the external interface nevermind start negotiating) and the satellite side doesn't even attempt to start the VPN.  I have checked all of the settings, all traffic is definitely being passed through the satellite offices provider interface and other services are working.  As there is a VPN in place and working on both sides I cannot understand why the issues exists, but seems buggy.  The firmware on the satellite WatchGuard is old, its the only thing I can think to change.  Or its the 1 to 1 NAT, never had an issue before but its a question mark.
LVL 12
DLeaverAsked:
Who is Participating?
 
JohnBusiness Consultant (Owner)Commented:
The firmware on the satellite WatchGuard is old

Can you try updating that?  Also consider doing hardware reset and setting up the VPN again.

Is the VPN box old?  and should it be replaced.
0
 
JohnBusiness Consultant (Owner)Commented:
Try enabling NAT Traversal (which is the way to get around double NAT's).
0
 
DLeaverAuthor Commented:
It's enabled on both sides already
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
DLeaverAuthor Commented:
The remote office is a good 4 hours away so resetting and upgrading fw carries a risk so will have to wait till one of their IT staff are onsite, hence why I haven't done either or both so far.  Also, this device is connecting successfully to another site over VPN.  It looks to be having an issue doing two IKE tunnels as I tried to set one up to another of mine and it gets the same issue.  Seems buggy at this point so I will arrange the firmware upgrade.
0
 
DLeaverAuthor Commented:
Firmware update sorted it
0
 
JohnBusiness Consultant (Owner)Commented:
Thank you for the update and I was happy to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.