WatchGuard Support Center

Knowledge Base - Article

MUVPN established connection from behind NAT appliances; source port changes crash IKE process on hub during negotiation

Products: Firebox & XTM
Operating System: 12.x
Issue Status: Resolved
Tracking ID: FBX-19399
Status: Resolved
Resolved In: Fireware v12.6.2/v12.5.5

This issue affects Mobile VPN (MUVPN) clients that are located behind a router or firewall that performs NAT. When the MUVPN client establishes a connection to the Firebox, the NAT appliance assigns a source port for the allowed session. If the NAT appliance changes the source port for that session, the MUVPN client negotiates a new VPN connection. The Firebox establishes the new connection, but when it attempts to delete the old SA for that MUVPN client, the IKE process crashes.

Reboot the Firebox.