WatchGuard Support Center

Knowledge Base - Article

 Mobile VPN with SSL user does not get IP address

Products: Firebox & XTM
Operating System: Fireware
Issue Status: Open
Tracking ID: FBX-19219
Status: Open
Resolved In:
When you configure Mobile VPN with SSL, you define a pool of virtual IP addresses. The Firebox assigns an IP address from the virtual IP address pool to each Mobile VPN user, until all of the addresses are in use. There is an issue with the SSLVPN server on the Firebox, however, that causes it to fail to assign the last IP address from the virtual IP address pool you define. For example, if you configure an address pool with a /29 subnet there should be 5 available IP addresses, but only 4 users are able to connect. 

If this occurs, you see an error message that looks like this:

Local3.err sslvpn[27197]: Unable to assign ip address
Edit your Mobile VPN with SSL configuration and set the Virtual Address IP Pool to use additional pool addresses. For example, if you originally configured a /29 subnet, increase the pool to a /28 subnet. The server already limits SSL VPN users based on tunnel seats in your feature key.