
IPsec between Cyberoam CR15 and XG firewall can connect but can't ping or browse remote network.

I have an IPsec VPN between a Cyberoam CR15 and an XG firewall. The VPN will activate and connect, but I can't ping or browse the remote network.

There is a third site with a second CR15. The VPN between the two Cyberoams works just fine.



  • Hi Nate,

    Sounds like a firewall rule on one or both of the routers.

    On the Cyberoam, I generally use the wizard to set up Site-Site VPNs as this always seems to work. I also create my own Head Office and Branch Office policies, mainly to set retries to infinite (0).

    On the XG there is no wizard, but there is a tick box to set up a firewall rule when you create the VPN. Perhaps ensure that it is ticked.

    The other thing I have found is that you may not be able to ping the Cyberoam or Sophos itself due to the settings in Administration -> Device Access. Perhaps have a look in there to ensure that you have ticked Ping / Ping6 for VPN. I have also had a Cyberoam engineer (back in the old days) tell me that pinging a router over the VPN isn't possible. Not sure what that means, as I can ping the router at the other end of the tunnels I have on Cyberoams. Perhaps he meant if the Administration -> Device Access is set to defaults, or perhaps he meant that you can't ping the other end of a tunnel from the router itself using Diagnostics or Console (I am not sure).

    Just tried it on a Sophos to Sophos Tunnel and the router at the other end wouldn't respond to ping requests (it may have Device Access across VPN switched off), but I can ping devices on the remote network. In fact I can use Advanced IP scanner to scan the network and everything is displayed except the router.

     

    Regards

    Mike  
