We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

Why is my dynamically assigned local ISP not working for the IPsec site to site VPN tunnel?

  • Type: Knowledgebase
  • Date changed: 10 months ago

Solution #00006954


Scope: 


 NG Firewall, Firmware 5.4.X


Answer:


If you configure a Site to Site IPsec tunnel, using a local dynamic interface (DSL, DHCP), the service will not bind to those IPs, unless you do the following.

Tech library suggest the following:

?Local IKE Gateway

  • The IP address of the local IKE gateway. If you are using dynamic IP addresses, enter 0.0.0.0/0.?

0.0.0.0/0 is incorrect since NG-admin will not allow you to enter ?/0? ? the entry should just be ?0.0.0.0?





















Also, in order to get this to work, you need to enable the ?Use IPSec dynamic IPs? options located in the ?VPN Server Settings?:

  1. Open the VPN Settings page (Config Full Config > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > VPN Settings).

  2. Click the ?Click here for Server Settings?? blue hyper link.

  3. Click the Advanced tab

  4. In the ?IKE Parameters?, change the ?Use IPSec dynamic IPs? option to ?Yes?

  5. Click ?OK? Send changes and Activate.



































Additional Information:


After making the change you should be able to confirm the change by running the following command:

  • # netstat -tulpen grep ike



Also, in the firewall Live or History tab, you will see connection on port 500


Link To This Page:


https://www.barracudanetworks.com/kb?id=5016000000146w6