
Mikrotik and Sophos IPSec Site to Site

I am having the exact same issue as the below person.

https://community.sophos.com/products/xg-firewall/f/vpn/94105/ipsec-mikrotik-to-sophos-problem

The IPSec tunnel establishes correctly, and from the local network behind the Mikrotik I can ping the local network behind the Sophos XG Firewall. But from the local network behind the Sophos XG I cannot ping the Mikrotik or the local network behind the Mikrotik. I do not have any policy routes, and I tried the command below, but that did not help.

system ipsec_route add net 192.168.87.0/255.255.255.0 tunnelname <IPSec Tunnel Name>

Any help would be greatly appreciated. Thanks!

 

 




[locked by: SupportFlo at 5:53 PM (GMT -8) on 5 Nov 2018]
  • Hi  

    Could you please verify that the Ping local service ACL permission is enabled for your VPN zone? It is located in System > Administration > Device Access. As well, what are you able to observe when performing a packet capture for this LAN to VPN ICMP traffic?

    Regards,

    FloSupport | Community Support Engineer


    Florentino
    Director, Global Community & Digital Support

  • Ethernet Header
    Source MAC Address:00:22:0d:12:4b:41
    Destination MAC Address: a0:36:9f:bc:de:14
    Ethernet Type IPv4 (0x800)

    IPv4 Header
    Source IP Address:10.0.100.21
    Destination IP Address:192.168.87.1
    Protocol: ICMP
    Header:20 Bytes
    Type of Service: 0
    Total Length: 84 Bytes
    Identification:26043
    Fragment Offset:16384
    Time to Live: 62
    Checksum: 20783

    ICMP Header:
    Type: 8
    Code: 0
    Echo ID: 14654
    Echo Sequence: 5
    Gateway: 0
    Fragmentation MTU: 0
    Checksum: 18087

    Ethernet Header
    Source MAC Address:00:22:0d:12:4b:41
    Destination MAC Address: a0:36:9f:bc:de:14
    Ethernet Type IPv4 (0x800)

    IPv4 Header
    Source IP Address:10.0.100.21
    Destination IP Address:192.168.87.252
    Protocol: ICMP
    Header:20 Bytes
    Type of Service: 0
    Total Length: 84 Bytes
    Identification:8903
    Fragment Offset:16384
    Time to Live: 62
    Checksum: 37672

    ICMP Header:
    Type: 8
    Code: 0
    Echo ID: 14763
    Echo Sequence: 8
    Gateway: 0
    Fragmentation MTU: 0
    Checksum: 31536

     
