VPN Issue - Wrong IP

Question asked by Matt Dunn on Feb 7, 2019
Latest reply on Feb 7, 2019


I have a gateway with several VPNs on. Some via the Internet, and some routed internally via MPLS lines. These all work fine. Now I'm trying to set up a new site-to-site VPN and it isn't working.


Here's what I'm trying to do:


So my peer IP is a DMZ interface -

I'm VPNing to remote peer IP

On the firewall I'm routing via
Firewall-A> show route destination
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive

S via, eth2.105, cost 0, age 279519


I have an existing VPN set up in the same way via a different DMZ interface and that works fine - although I'm reminded that we had exactly the same problem when setting that up, and I fixed it on my side.  I just can't remember what I did to fix it, hence asking for help! 


The problem is that the remote side is seeing me coming from the gateway's public "main IP" - shown as A.A.A.A on the diagram. In IKEView I see IPs and in packets 1 to 5, then in packet 6 I'm sending my public A.A.A.A IP to the remote peer. I don't understand why.



On my gateway I've got VPN link selection set as follows, using the routing table, which is correct.
I can't really alter this otherwise existing VPNs will stop working.


Does anyone know what else I need to do to stop P1 Packet 6 sending my A.A.A.A IP instead of the correct IP?
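Since link selection here is driven by the routing table, the first thing to check is which route (and therefore which outgoing interface and address) the peer IP actually resolves to. The script below is an added example, not code from the post or from Check Point: it parses route lines in the same shape as the `show route` output quoted above, does a longest-prefix-match lookup for a peer address, and reports the interface and local address that would be used. The routing table, interface addresses and peer IPs are constructed sample values (RFC 5737 documentation ranges), not the poster's real addresses; the `is directly connected` line format and the interface-to-address map are assumptions for the illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    code: str                      # route type code: S (static), C (connected), ...
    prefix: ipaddress.IPv4Network
    nexthop: Optional[str]         # None for directly connected networks
    iface: str


# Matches the shape of the "show route" lines quoted in the post:
#   S <prefix> via <nexthop>, <iface>, cost 0, age N
#   C <prefix> is directly connected, <iface>      (assumed format for connected routes)
_ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])\s+(?P<prefix>\S+)\s+"
    r"(?:via\s+(?P<nexthop>\S+),|is directly connected,)\s+(?P<iface>[^,\s]+)"
)


def parse_routes(text: str) -> List[Route]:
    """Extract Route entries from route-table text; legend and unknown lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = _ROUTE_RE.match(line.strip())
        if not m:
            continue
        routes.append(Route(m["code"],
                            ipaddress.ip_network(m["prefix"], strict=False),
                            m["nexthop"],
                            m["iface"]))
    return routes


def lookup(dest: str, routes: List[Route]) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def source_for_peer(peer: str, routes: List[Route],
                    iface_addrs: Dict[str, str]) -> Tuple[str, str]:
    """Return (outgoing interface, local address on that interface) for a peer IP."""
    r = lookup(peer, routes)
    if r is None:
        raise LookupError(f"no route to {peer}")
    return r.iface, iface_addrs[r.iface]


# Constructed sample table: a default route out the Internet-facing interface,
# a connected DMZ subnet on a sub-interface, and a host route to one VPN peer.
SAMPLE_ROUTE_OUTPUT = """\
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
S 0.0.0.0/0 via 203.0.113.1, eth0, cost 0, age 900000
C 192.0.2.0/24 is directly connected, eth2.105
S 198.51.100.20/32 via 192.0.2.1, eth2.105, cost 0, age 279519
"""

# Constructed: the address configured on each interface ("main IP" on eth0).
SAMPLE_IFACE_ADDRS = {"eth0": "203.0.113.10", "eth2.105": "192.0.2.5"}


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTE_OUTPUT)
    # 198.51.100.20 hits the /32 via the DMZ sub-interface; 198.51.100.21 has no
    # specific route and falls back to the default route and the main IP.
    for peer in ("198.51.100.20", "198.51.100.21"):
        iface, src = source_for_peer(peer, routes, SAMPLE_IFACE_ADDRS)
        print(f"{peer}: via {iface}, expected local address {src}")
```

Running it against a pasted `show route` dump makes it obvious whether a given peer is covered by the intended static route or is silently falling through to the default route, which is the case in which the gateway's main address would be the natural source for that peer.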