VPN from WatchGuard to Google Cloud Platform: “establishing IKE_SA failed, peer not responding”

Tags: google-cloud-platform, google-compute-engine, ikev2, vpn, watchguard

We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here:
https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/

And under Remote peer IP address in the Interconnect/VPN section of the GCP console we get this in the (!) pop-out:

"The VPN gateway is not receiving packets from the remote peer. The remote peer might not be configured or configured with an incorrect IP."

We have triple checked that the remote peer IP is correct.

And in the GCP logs we get:

textPayload:  "establishing IKE_SA failed, peer not responding"

Here is GCP's Creating a VPN documentation:
https://cloud.google.com/vpn/docs/how-to/creating-vpns

Here is WatchGuard's BOVPN documentation:
https://www.watchguard.com/help/docs/fireware/12/en-US/Content/en-US/bovpn/manual/bovpn_manual_about_c.html

When we ping the network static IP of the VPN from a command window from my workstation, we get replies.

When we ping the IP of a Compute Engine instance, we don't get replies.

The instance doesn't have an external IP, which is the way we want it, so we can't ssh to the instance to ping from there, or I would.

We all think we are not receiving anything from either site.

Any ideas what could be causing this? Any troubleshooting ideas? I'm more of a programmer than an IT guru. I am sure you need more than what I gave you here. What else do you need?

Best Answer

Last night I:

  • deleted all instances and disks (knowing I have good images)
  • sent a ticket to our ISP (they "looked" at things, but didn't make any changes...according to them)

This morning, in order, I:

  • closed all GCP project related tabs in Chrome
  • closed all WatchGuard firewall related systems/software/connections (web UI, Dimension, System Manager client)

Note: I didn't do anything to the vpn, firewall, network, etc.

And the VPN suddenly worked. Recreated instances from images from a few days ago and everything is communicating.

PS - this isn't a very satisfactory answer, but it was my accidental "solution". Better answers welcome, will give cred.

Edit 1: to clarify, I didn't check the status of the vpn until all of the tasks above were completed, so I don't know which one(s), if any, fixed the issue.