
Site to Site VPN Traffic passes but unable to see computers & printers

We are setting up an S2S tunnel with an XG105 and an XG85 so the two offices can talk.

I set up the tunnel; it's active and connected. I used the information I found in these KBs as well (https://community.sophos.com/products/xg-firewall/f/vpn/92867/ipsec-site-to-site-vpn-connects-but-no-traffic-passes).

I can ping both ways, but I cannot get any devices on either end to see each other. 

The home office uses the 192.168.1.0 scheme and the remote office uses the 192.168.2.0 scheme. Both XG gateways are .1. When I am in the advanced console on the home firewall I can ping the remote XG with no problem as well.

The routing table looks fine from what I can see. We have a networked printer with a static IP at the remote office that they want to print to, but I cannot get any computers in the home office to see the printer or the computer. I have to use the SSL VPN client on the single computer to even be able to RDP or do anything other than just ping back to the home office.


Now the super weird part: if I enable the tunnel and browse to the REMOTE OFFICE firewall (192.168.2.1) from the HOME OFFICE (192.168.1.1) in my browser, it takes me to the HOME office firewall. I think something in the routing might be messed up, but I am not sure where to look.


Thank you,

Steve

EDIT: I should also mention it's an IPsec connection.



  • Hey  

    • How does your routing table look on both sides? (route -n on the advanced console)
    • What path is taken when you perform a traceroute across the tunnel to the other site?
    • What are you able to observe if you perform a packet capture on the GUI of both XG's for this IPsec traffic?
      • You should see the traffic enter the tunnel, arrive, and be accepted on the other XG site.

    Regards,
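As an added example (not from this thread and not Sophos code), here is a small check for the first item in the list above: it does a longest-prefix lookup over `route -n` style output, using constructed sample tables for the home XG, and reports whether a packet to the branch printer (192.168.2.200) would enter the tunnel or fall through to the default route. It assumes the peer LAN shows up as a route via an interface named ipsec0, which may differ by firmware.

```python
import ipaddress

# Constructed sample in the layout of `route -n` on an XG advanced console
# (hypothetical addresses; the ipsec0 entry stands for the peer-LAN route).
HOME_OK = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 Port2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 Port1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 Port2
"""
# Same table with the tunnel route missing (the condition worth ruling out).
HOME_MISSING = "\n".join(l for l in HOME_OK.splitlines() if "ipsec0" not in l) + "\n"

def parse_routes(text):
    """Return (network, gateway, iface) tuples from route -n output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0][0].isdigit():
            continue  # skip the two header lines
        dest, gw, mask, iface = f[0], f[1], f[2], f[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, the same rule the kernel applies."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def check_tunnel_route(text, dst, tunnel_iface="ipsec0"):
    """Verdict on whether traffic to dst would be sent into the tunnel."""
    hit = lookup(parse_routes(text), dst)
    if hit is None:
        return f"{dst}: no route at all"
    net, gw, iface = hit
    if iface == tunnel_iface:
        return f"{dst}: OK, matches {net} via {iface}"
    return f"{dst}: NOT tunnelled, falls to {net} via {iface} (gw {gw})"

if __name__ == "__main__":
    for label, table in (("home ok", HOME_OK), ("home missing", HOME_MISSING)):
        print(label, "->", check_tunnel_route(table, "192.168.2.200"))
```

Paste the real `route -n` output from each XG in place of the constructed tables and run the check from both sides; a destination that resolves to the WAN port instead of the tunnel interface is the first thing to fix.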

  • Quick update. I reset the connection using the wizard, and now the COMPUTER at the branch office can RDP to the home office just fine. However, no one at the home office can see the printer at the remote office. It has a static IP address and can be seen by the BRANCH OFFICE computers. Here are the routes from both firewalls:

    Home office routing table: (screenshot)

    Branch office routing table: (screenshot)

    Again, I can see the home office server through RDP FROM the branch office, but NONE of the computers on the home office can see the printer on the LAN at the branch office with the static IP of 192.168.2.200. The Remote office can see it just fine.

  • Hey  

    Thank you for providing these screenshots. Would it be possible to enable the support access tunnel on both of your appliances and PM me the IDs for further investigation?

    Thanks!

  • When I get back to the office I will do that.

    Expect a PM in about - 15 minutes

    Thank you very much.