WatchGuard Support Center

Knowledge Base - Article

000015168
Mobile VPN with IPSec and IKEv2 users cannot connect to Firebox network included in zero-route VPN

Products: Firebox & XTM
Operating System: 12.4.x
Operating System: 12.1.x
Operating System: 12.2.x
Operating System: 12.3.x
Issue Status: Open
Tracking ID: FBX-16410
Status: Open
Resolved In:

If your Firebox has a zero-route Branch Office VPN tunnel for a local network, Mobile VPN with IKEv2 and Mobile VPN with IPSec users cannot connect to that local network.

For example, if your Firebox has a Branch Office VPN tunnel with the route 10.0.2.0/24 <--> 0.0.0.0/0, Mobile VPN with IKEv2 and Mobile VPN with IPSec users cannot connect to the 10.0.2.0/24 network.
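To find which networks on a given Firebox match this condition, the following added example (not WatchGuard code) checks a list of tunnel routes against the resources Mobile VPN users are allowed to reach. The input format, the function name, and the sample routes other than 10.0.2.0/24 <--> 0.0.0.0/0 are constructed for illustration; treating a partial overlap as affected is an assumption, since the article only describes the exact-network case.

```python
import ipaddress

ZERO_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def affected_networks(bovpn_routes, mobile_vpn_resources):
    """Return (local_network, mobile_vpn_resource) pairs that match the issue.

    bovpn_routes: iterable of (local, remote) CIDR strings, one per tunnel route.
    mobile_vpn_resources: iterable of CIDR strings that Mobile VPN with
    IKEv2/IPSec users are allowed to reach.
    """
    hits = []
    for local, remote in bovpn_routes:
        # Only tunnel routes whose remote side is 0.0.0.0/0 are zero-route.
        if ipaddress.ip_network(remote) != ZERO_ROUTE:
            continue
        local_net = ipaddress.ip_network(local)
        for resource in mobile_vpn_resources:
            res_net = ipaddress.ip_network(resource)
            # Assumption: any overlap with the local side counts as affected.
            if res_net.overlaps(local_net):
                hits.append((str(local_net), str(res_net)))
    return hits


# Constructed sample data: the first route is the article's example,
# the second is an ordinary (non-zero-route) tunnel for comparison.
SAMPLE_ROUTES = [
    ("10.0.2.0/24", "0.0.0.0/0"),
    ("10.0.3.0/24", "192.168.50.0/24"),
]
SAMPLE_RESOURCES = ["10.0.2.0/24", "10.0.3.0/24", "10.0.2.128/25"]

if __name__ == "__main__":
    for local_net, resource in affected_networks(SAMPLE_ROUTES, SAMPLE_RESOURCES):
        print(f"Mobile VPN resource {resource} overlaps zero-route local network {local_net}")
```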

There are two possible workarounds for this issue:

- This issue does not occur with other Mobile VPN methods.
- If your Mobile VPN users can instead connect to the remote side of the Branch Office VPN tunnel, the remote side might be able to route the Mobile VPN users to the 10.0.2.0/24 network.