Wednesday, July 17, 2019

IPSec Tunnel Issues

Hey all,

I've got an IPsec site-to-site VPN between a WatchGuard firewall and a Cradlepoint router. There are 2 tunnels going through this, let's say 192.168.0.1/23 and 172.16.0.0/24 at the office end, and 10.0.0.0/24 at the client end (Cradlepoint). The client end will be using the tunnel to authenticate with the domain and network resources back at the head office, so we need the tunnels to be established before the user logs on from the 10.0.0.0/24 network.

The IPsec VPN establishes right away and without issue, and as soon as it does, the tunnel between 192.168.0.1/23 and 10.0.0.0/24 works right away as well. For some reason, the second tunnel between 172.16.0.0/24 and 10.0.0.0/24 does technically establish, but traffic from the client end (10.0.0.0/24) will not work unless a client on our office end in the 172.16.0.0/24 subnet pings/sends traffic to the client end first, after which everything works as normal. Statistics on the VPN do verify that both tunnels are up. It would appear traffic on this second tunnel will fail if I restart the Cradlepoint router.

Any ideas on how I can troubleshoot this?

EDIT: Just some more information: when the client traffic fails, I do not even see it hitting our firewall log. If I send a ping from behind the firewall in the 172.16.0.0 network to the client end, I see that traffic, and once the client can successfully communicate, I then see all the respective traffic in the firewall log.
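The symptom above (a child SA that the status page reports as "up" while traffic from one side never arrives) is easiest to spot from counters rather than from the tunnel state flag. The following script is an added example, not code from the post or from either vendor: it parses a constructed, strongSwan-style status excerpt (the WatchGuard and Cradlepoint output formats are not on the page, so the text and the SA names are assumptions), flags child SAs whose byte counters are zero in either direction, and also checks whether a traffic selector such as 192.168.0.1/23 is a proper network address, since a selector with host bits set is a common source of selector mismatches between two peers.

```python
import ipaddress
import re

# Constructed sample, loosely in strongSwan "ipsec statusall" style; it is
# not output from the WatchGuard or Cradlepoint devices in the post.
SAMPLE_STATUS = """\
office{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1a2b3d4_i d4c3b2a1_o
office{1}:  AES_CBC_128/HMAC_SHA2_256_128, 1234 bytes_i (9 pkts, 3s ago), 5678 bytes_o (12 pkts, 3s ago)
office{1}:   192.168.0.0/23 === 10.0.0.0/24
office{2}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: 0a0b0c0d_i 0d0c0b0a_o
office{2}:  AES_CBC_128/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o
office{2}:   172.16.0.0/24 === 10.0.0.0/24
"""

# One child SA per "name{n}:" prefix; byte counters and selectors may be on
# different lines, so every line is folded into the same entry.
CHILD_RE = re.compile(r"^\s*(?P<name>\S+\{\d+\}):\s+(?P<rest>.*)$")
BYTES_RE = re.compile(r"(\d+) bytes_([io])")
TS_RE = re.compile(r"(\S+) === (\S+)")


def parse_child_sas(text):
    """Collect per-child-SA traffic selectors and inbound/outbound byte counters."""
    sas = {}
    for line in text.splitlines():
        m = CHILD_RE.match(line)
        if not m:
            continue
        entry = sas.setdefault(m.group("name"), {"bytes_i": 0, "bytes_o": 0})
        rest = m.group("rest")
        for count, direction in BYTES_RE.findall(rest):
            entry["bytes_" + direction] = int(count)
        ts = TS_RE.search(rest)
        if ts:
            entry["local"], entry["remote"] = ts.group(1), ts.group(2)
    return sas


def idle_child_sas(sas):
    """Names of SAs that are installed but have carried no traffic in at least one direction."""
    return sorted(n for n, e in sas.items() if e["bytes_i"] == 0 or e["bytes_o"] == 0)


def canonical_selector(cidr):
    """Return (network, had_host_bits); e.g. '192.168.0.1/23' -> ('192.168.0.0/23', True).

    A selector with host bits set is not what the peer will compare against,
    so flag it rather than silently accepting it.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net), str(net) != cidr


def report(text, configured_selectors):
    """Human-readable summary: idle SAs plus any non-canonical configured selectors."""
    sas = parse_child_sas(text)
    lines = []
    for name in idle_child_sas(sas):
        e = sas[name]
        lines.append(f"{name}: {e.get('local')} === {e.get('remote')} installed but idle "
                     f"(in={e['bytes_i']} out={e['bytes_o']} bytes)")
    for cidr in configured_selectors:
        net, fixed = canonical_selector(cidr)
        if fixed:
            lines.append(f"selector {cidr} has host bits set; peer likely expects {net}")
    return lines


if __name__ == "__main__":
    # The subnets here are the ones named in the post.
    for line in report(SAMPLE_STATUS, ["192.168.0.1/23", "172.16.0.0/24", "10.0.0.0/24"]):
        print(line)
```

Run it against a real status dump taken a minute after the Cradlepoint reboots: an SA that shows `bytes_i` at zero while the office side has not yet sent anything matches the behaviour described in the post, and a selector flagged as non-canonical is worth correcting on both peers before looking further.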
