Why do I Need a Static External Address?
To make a VPN connection, each device must know the IP address of the other device. If the address for a device is dynamic, the IP address can change. If the IP address changes, connections between the devices cannot be made unless the two devices know how to find each other.
You can use Dynamic DNS if you cannot get a static external IP address. For more information, see About the Dynamic DNS Service.
How do I Get a Static External IP Address?
You get the external IP address for your computer or network from your ISP or a network administrator. Many ISPs use dynamic IP addresses to make their networks easier to configure and use with many users. Most ISPs can give you a static IP address as an option.
How do I Troubleshoot the Connection?
If you can send a ping to the trusted interface of the remote Firebox and to the computers on the remote network, the VPN tunnel is up. The configuration of the network software or the software applications are possible causes of other problems.
For information about VPN troubleshooting tools and strategies, see Monitor and Troubleshoot BOVPN Tunnels.
Why is Ping not Working?
If you cannot send a ping to the local interface IP address of the remote Firebox, use these steps:
- Ping the external address of the remote Firebox.
For example, at Site A, ping the IP address of Site B. If you do not receive a response, make sure the external network settings of Site B are correct. Site B must be configured to respond to ping requests on that interface. If the settings are correct, make sure that the computers at Site B have a connection to the Internet. If the computers at site B cannot connect, speak to your ISP or network administrator.
- If you can ping the external address of each Firebox, try to ping a local address in the remote network.
From a computer at Site A, ping the internal interface IP address of the remote Firebox. If the VPN tunnel is up, the remote Firebox sends the ping back. If you do not receive a response, make sure the local configuration is correct. Make sure that the local DHCP address ranges for the two networks connected by the VPN tunnel do not use any of the same IP addresses. The two networks connected by the tunnel must not use the same IP addresses.