Solution #00006954
Scope:
NG Firewall, Firmware 5.4.X
Answer:
If you configure a Site to Site IPsec tunnel, using a local dynamic interface (DSL, DHCP), the service will not bind to those IPs, unless you do the following.
Tech library suggest the following:
?Local IKE Gateway |
|
0.0.0.0/0 is incorrect since NG-admin will not allow you to enter ?/0? ? the entry should just be ?0.0.0.0?
Also, in order to get this to work, you need to enable the ?Use IPSec dynamic IPs? options located in the ?VPN Server Settings?:
Open the VPN Settings page (Config > Full Config > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > VPN Settings).
Click the ?Click here for Server Settings?? blue hyper link.
Click the Advanced tab
In the ?IKE Parameters?, change the ?Use IPSec dynamic IPs? option to ?Yes?
Click ?OK? Send changes and Activate.
Additional Information:
After making the change you should be able to confirm the change by running the following command:
# netstat -tulpen grep ike
Also, in the firewall Live or History tab, you will see connection on port 500
Link To This Page: