I was able to rebuild it, but the same problem persists (endpoint 1 - Message retry timeout). I tried removing the VPN tunnel between our admin firebox and one of our other points, then re-building it. I'm not sure why this disconnect occurred - no changes were made in the configurations between Point A and the other points. Is there a way to convert or otherwise edit these "DVCP-created" objects? I need to at least make sure the Shared Secret is the same on both ends, but I can't edit or change it. However, when I click on "edit.", I get a dialogue box saying "This is a DVCP-created object. I go to Point A's firebox Policy Manager > Branch Office Gateways, and click on Point B's gateway in the list, which is highlighted in blue. Points B-I show no errors in their communications to each other. IKE Phase 1 is failing between Point A to Points B-I. Check the connection between local and remote gateway endpoints. Gateway-Endpoint='( Redacted)' Reason=Message retry timeout. 12:54:02 iked (A B)IKE phase-1 negotiation from (A) to (B) failed. Sure enough, the same error message comes up with the added information (IP addresses have been redacted just to be safe, but please let me know if I shouldn't be doing this for any reason). So I go to the traffic monitor to see if something else comes up. Check the connection between local and remote gateway endpoints." When I check the firebox logs, I find the following error on each Gateway: Suddenly, a few weeks ago, our guest network goes down at all but one of our locations, the remainder being located next to our main Firebox. From what I could tell, everything was configured correctly and no errors were coming up on the Watchguard Firebox System Manager. Before he left, the previous coordinator had installed Watchguard fireboxes and built a network with several VPNs running through the fireboxes. I took over as Tech Support Coordinator for the company I work for back in 2018.
(If it is an older box with web management access only, then you need to find the "syslog" page to see the traffic log messages). This is a doozy, so I apologize for the book I'm writing here. You can increase the amount and detail of logs so you can get more insight into what is happening. You can also open the Policy Manager, and go to the Setup menu, and choose Logging, then the Diagnostic Log Level button. Look for red "deny" messages, they will give you a clue why the traffic is denied. If you are using PPTP or SSL for the connections, those policies do live in the normal rule sets. For troubleshooting, connect a client and set up a continuous ping to a server (ping -t server_ip) and then open Firebox System Manager and go to the Traffic Monitor tab, to see the logs of what is happening. When you open the Policy Manager, at the top of the rules is another tab for IPSEC MUVPN rules. There is a catch with "MUVPN with IPSEC" because the policies which control it do not live in with the normal firewall policies. Watchguards support three kinds of mobile VPN - PPTP, IPSEC and SSL. We've looked at the settings on the Mobile VPN client, but nothing seems like a probable cause. Plus, some people can successfully connect to network drives through the VPN. Can someone please suggest some steps to help troubleshoot? We've checked the policies on our Watchguard box, and they seem fine. But we also made other changes at the time that might have thrown something off, although we feel like we've checked them all. We've since switched back and the problem persists, so that doesn't seem to have been it (which makes sense). Last week, we temporarily switched one of our Comcast modems to our backup DSL modem because the Comcast was accidentally shut off by Comcast, and the problem seemed to start around then. The problem is, when they try to map drives, or even ping the IP address of a server on our network, it fails.
That is, their status in the VPN client says "Connected" and they have the correct IP address listed as the VPN Endpoint. We use Watchguard Mobile VPN (we have a Watchguard Firebox firewall) and the users are able to connect. We're having an issue in which some of our employees can no longer connect to our network drives when out of the office.