
Problem with vpn site to site with cisco rv042 outbound traffic

Hi there,

I created a site-to-site VPN from my Sophos XG 135 to a Cisco RV042 router. I can ping from the Cisco side to the LAN but cannot ping from the LAN to the Cisco side.
I created two firewall rules, inbound and outbound traffic, and I also created a firewall rule on the Cisco to allow traffic from my public IP, but still no luck... In the Sophos firewall log I can see that the traffic is allowed.

My local LAN on the Sophos side is 192.168.4.0 and on the Cisco side it is 192.168.1.0; here are the rules

Is there anything obvious I'm missing?

Would really appreciate your help!

  • Hey

    Welcome to the Sophos Community!

    Could you please verify that ping is allowed for your VPN zone in your Local Service ACLs? (In the XG Admin page: System > Administration > Device Access)

    Also on the Cisco side, are you able to verify that this XG LAN-generated traffic is passing through the IPsec tunnel and being allowed by the Cisco device?

    Regards,

  • Hi!

    1) Yes, ping is allowed on the VPN zone

    2) Here is what I found out,

    From the Cisco side, I can ping Sophos with or without the Cisco firewall rules. It works fine with the VPN by itself, and when I activate the firewall rules it's the same; the only difference is that I can see it in the firewall log.
     So I can ping with the Cisco firewall rules on or off (inbound and outbound rules).

    From the Sophos side I found out that I can ping some of the IPs on the Cisco side, but there is no relationship in the type of computers I can ping, or the IP range; it seems random.
    For example, I can ping the computer on 192.168.1.130 (though the ms is really high, 100+), but I cannot ping 192.168.1.200, and again it doesn't matter whether I have the Cisco firewall rules active or not.

    When I disconnect the VPN IPsec connection I can no longer ping from either side... so this must mean that the traffic is passing through the tunnel.

    any thoughts?

  • Hey

    This "random" behavior could be due to the configuration (endpoint software, windows firewall) of the individual Cisco-side computer blocking ICMP from other networks. Have you tried passing other types of traffic? (FTP, SSH, Telnet, RDP)

    Regards,

  • Hi,

    So the problem is with the devices' firewall, as you said. I made a successful connection with RDP, and when I turn off the Windows firewall it receives ping.

    Thanks for your time!
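The two steps the thread ends on (tell a host-firewall ICMP drop apart from a tunnel or routing fault, then allow echo requests only from the remote VPN subnet rather than switching Windows Firewall off) as an added PowerShell example. This is not code from the thread or from Sophos or Cisco. It assumes the subnets given in the thread (192.168.4.0/24 on the Sophos side, hosts 192.168.1.130 and 192.168.1.200 on the Cisco side), that the probing host is a Windows machine on the Sophos LAN, that the Cisco-side hosts are Windows machines with RDP (TCP 3389) enabled, and the rule display name is made up.

```powershell
# Added example, not from the original thread.
# Part 1 runs on a Windows host in the Sophos LAN (192.168.4.0/24).
# Part 2 runs as Administrator on each Cisco-side Windows host that should answer ping.

function Test-VpnPeerReachability {
    # For each host, compare an ICMP echo with a TCP connect to $TcpPort.
    # ICMP failing while TCP succeeds means packets cross the tunnel and the
    # host firewall is dropping echo requests; both failing points at the
    # IPsec SA, routing, or the RV042 access rules instead.
    param(
        [Parameter(Mandatory)] [string[]] $Hosts,
        [int] $TcpPort = 3389      # assumed: RDP, the service the poster tested with
    )
    foreach ($h in $Hosts) {
        $icmpOk = Test-NetConnection -ComputerName $h -InformationLevel Quiet -WarningAction SilentlyContinue
        $tcpOk  = Test-NetConnection -ComputerName $h -Port $TcpPort -InformationLevel Quiet -WarningAction SilentlyContinue
        $verdict = if ($icmpOk -and $tcpOk)      { 'reachable' }
                   elseif (-not $icmpOk -and $tcpOk) { 'host firewall dropping ICMP; tunnel is fine' }
                   else                             { 'check IPsec SA, routes and RV042 access rules' }
        [pscustomobject]@{ Host = $h; IcmpOk = $icmpOk; TcpOk = $tcpOk; Verdict = $verdict }
    }
}

function Show-DefaultIcmpRuleScope {
    # The built-in ICMPv4 echo rule is scoped to LocalSubnet on the Private and
    # Public profiles by default, which is why 192.168.1.x neighbours can ping a
    # host while a 192.168.4.x source through the VPN is silently dropped.
    Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{ Profile = $_.Profile; Enabled = $_.Enabled; RemoteAddress = $addr.RemoteAddress }
        }
}

function Add-VpnIcmpAllowRule {
    # Allow inbound ICMPv4 echo requests (type 8) only from the remote VPN subnet,
    # on every profile, so the rest of the firewall policy stays in place.
    param([Parameter(Mandatory)] [string] $RemoteSubnet)
    New-NetFirewallRule -DisplayName 'Allow ICMPv4 Echo from site-to-site VPN' `   # assumed name
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $RemoteSubnet -Action Allow -Profile Any
}

# Part 1 (Sophos-side host): hosts taken from the thread.
Test-VpnPeerReachability -Hosts '192.168.1.130', '192.168.1.200' | Format-Table -AutoSize

# Part 2 (Cisco-side host, elevated): inspect the default scope, then add the scoped rule.
Show-DefaultIcmpRuleScope | Format-Table -AutoSize
Add-VpnIcmpAllowRule -RemoteSubnet '192.168.4.0/24'
```

If a host shows `IcmpOk` false and `TcpOk` true, the tunnel and the RV042 rules are already doing their job and only that host's firewall needs the scoped rule; if both are false for every host, look at the IPsec SA and the Sophos and Cisco access rules before touching the endpoints.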