
XG-310 to FG-92D - IPsec tunnel up, some traffic cannot pass across tunnel

Hi,

I have established an IPsec site-to-site VPN between the HQ office (Sophos XG310) and the branch office (FortiGate 92D).
I confirm that the system routing priority and policies (LAN to VPN and VPN to LAN) are correct.
The IPsec tunnel is up; some network segments can pass traffic over the VPN, and some network segments cannot.
IKE version: IKEv2
Phase 1
Encryption: AES256 Authentication: SHA512
Encryption: AES256 Authentication: SHA384
Diffie-Hellman Group: 16, 19 and 21
Key lifetime: 5400s
Phase 2
Encryption: AES256 Authentication: SHA512
Encryption: AES256 Authentication: SHA384
Diffie-Hellman Group: 16, 19 and 21
Key lifetime: 3600s



This thread was automatically locked due to age.
  • Hi,

    The XG firewall only has 10.60.100.X traffic that can pass through the tunnel, but 10.20.1.X and 10.20.100.X traffic cannot pass through the tunnel.

    XG Firewall IPSec VPN Config follow

    XG Firewall Policy follow

    XG Firewall Log follow

     

    FortiGate IPSec VPN Config follow
