
IPsec between Cyberoam CR15 and XG firewall can connect but can't ping or browse remote network.

I have an IPsec VPN between a Cyberoam CR15 and an XG firewall. The VPN will activate and connect, but I can't ping or browse the remote network.

There is a third site with a second CR15. The VPN between the two Cyberoams works just fine.



  • Hi Nate,

    Sounds like a firewall rule on one or both of the routers.

    On the Cyberoam, I generally use the wizard to set up Site-Site VPNs as this always seems to work. I also create my own Head Office and Branch Office policies, mainly to set retries to infinite (0).

    On the XG there is no wizard, but there is a tick box to set up a firewall rule when you create the VPN. Perhaps ensure that it is ticked.

    The other thing I have found is that you may not be able to ping the Cyberoam or Sophos itself due to the settings in Administration -> Device Access. Perhaps have a look in there to ensure that you have ticked Ping / Ping6 for VPN. I have also had a Cyberoam Engineer (back in the old days) tell me that pinging a router over the VPN isn't possible. Not sure what that means as I can ping the router at the other end of the Tunnels I have on Cyberoams. Perhaps he meant if the Administration -> Device Access is set to defaults, or perhaps he meant that you can't ping the other end of a tunnel from the router itself using Diagnostics or Console (I am not sure).

    Just tried it on a Sophos to Sophos Tunnel and the router at the other end wouldn't respond to ping requests (it may have Device Access across VPN switched off), but I can ping devices on the remote network. In fact I can use Advanced IP scanner to scan the network and everything is displayed except the router.

     

    Regards

    Mike  

  • Hi  

    Please initiate the ping from the user system behind the Cyberoam, use the packet capture utility to capture packets, and check whether traffic is being sent out from the IPsec interface or not. You can capture the dropped packets from the Cyberoam CLI console. Follow the same procedure on the XG firewall side.

    In the packet capture, use the string host <IPaddress of the remote system> and please share the output. Please verify that the VPN to LAN and LAN to VPN firewall rules are in place, or, if you have specified the networks in the existing firewall rules for VPN, please allow the networks added in the IPsec configuration for Cyberoam and XG.