
S2S - no connection to remote server

Hey,

I would like to connect to a remote server via VPN. The S2S connection works, but I am unable to reach the server on the other side (the remote site is one host only).

I can see that the outgoing traffic goes through the firewall rule LAN to WAN, if I will connect from the local subnet 172.20./16 to the remote server 172.20.200.49.

So what's missing / wrong? Do I have to create a further rule/route, and where?

Thanks in advance!

  • Hi Keyur, 

    first, thanks for your time!!

    May be this graphic will help to understand the problem:


    The gateway VPN IPSec configuration is as follows: 

    The Firewall Rule LAN to VPN:

    VPN to LAN:

    Regards 

    Philipp

  • Hi,

    Thanks for providing the detailed diagram.

    Is there any specific requirement to use a 10.200.206.0/24 network for VPN communication?

    We can get it to work by adding network 172.20.0.0/16 as Local subnet and 172.27.200.49/32 as a remote subnet in the IPsec VPN configuration.

    If routes are added for the network 172.20.0.0/16 in XG firewall and it's reachable (I am assuming it is).

    In the LAN to VPN rule, you do not need to specify any network; keep it "ANY" for Source and Destination network.

    Second Scenario

    If you wish to NAT the traffic of the network 172.20.0.0/16 with 10.200.206.0/24

    In the IPsec configuration

    Local Subnet - 172.20.0.0/16

    Remote Subnet- 172.27.200.49/32

    Enable NAT - it will show 172.20.0.0/16 by default; under NAT to, select 10.200.206.0/24.

    It will NAT outbound VPN traffic from the 172.20.0.0/16 network to the 10.200.206.0/24 network.



    You can use the troubleshooting guide: https://community.sophos.com/kb/en-us/123320
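    The reply above turns on one point: a flow only enters the tunnel when its source and destination both match the IPsec phase-2 selectors (local and remote subnet); anything else falls through to the ordinary LAN to WAN rule, which is exactly what the original post observed. The following Python script is an added example written for this thread, not code from Sophos or from either poster. It models the selector check and the optional NAT of the second scenario with the standard `ipaddress` module. The policy named `POLICY_VPN_SUBNET_ONLY` assumes the tunnel was originally configured with 10.200.206.0/24 as its only local selector (the thread does not show the exact setting), and the NAT helper's mapping rules are a simplification stated in its docstring.

```python
# Added example (not from the thread): checks whether a flow matches an IPsec
# site-to-site policy's traffic selectors, and what source address the remote
# side would see after the optional NAT described in the second scenario.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class IpsecPolicy:
    """Phase-2 selectors of one tunnel, plus an optional NAT pool for the local side."""
    local: IPv4Network
    remote: IPv4Network
    nat_to: Optional[IPv4Network] = None


def nat_source(src: IPv4Address, pol: IpsecPolicy) -> IPv4Address:
    """Translate a local source address into the NAT pool before encryption.

    Assumption for this example: equal-sized networks map 1:1 by host offset;
    a pool of a different size is used many-to-one via its first host address.
    """
    if pol.nat_to is None:
        return src
    if pol.nat_to.prefixlen == pol.local.prefixlen:
        offset = int(src) - int(pol.local.network_address)
        return IPv4Address(int(pol.nat_to.network_address) + offset)
    return next(pol.nat_to.hosts())


def classify(src: str, dst: str, pol: IpsecPolicy) -> Tuple[str, str]:
    """Return ("tunnel", source_as_seen_by_peer) when the flow matches both
    selectors, otherwise ("bypass", src): a bypassed flow never enters the
    tunnel and is handled by the ordinary LAN-to-WAN rules instead."""
    s, d = ip_address(src), ip_address(dst)
    if s in pol.local and d in pol.remote:
        return "tunnel", str(nat_source(s, pol))
    return "bypass", src


# Constructed policies following the configurations discussed in the thread.
# POLICY_VPN_SUBNET_ONLY is an assumption about the original setup: only the
# 10.200.206.0/24 VPN network as local selector, so LAN hosts never match.
POLICY_VPN_SUBNET_ONLY = IpsecPolicy(ip_network("10.200.206.0/24"), ip_network("172.27.200.49/32"))
POLICY_FIRST_SCENARIO = IpsecPolicy(ip_network("172.20.0.0/16"), ip_network("172.27.200.49/32"))
POLICY_SECOND_SCENARIO = IpsecPolicy(ip_network("172.20.0.0/16"), ip_network("172.27.200.49/32"),
                                     nat_to=ip_network("10.200.206.0/24"))


if __name__ == "__main__":
    flow = ("172.20.1.10", "172.27.200.49")  # constructed LAN host -> remote server
    for name, pol in [("vpn-subnet-only", POLICY_VPN_SUBNET_ONLY),
                      ("first-scenario", POLICY_FIRST_SCENARIO),
                      ("second-scenario", POLICY_SECOND_SCENARIO)]:
        print(f"{name:16} {classify(*flow, pol)}")
```

    Running it shows the LAN host bypassing the tunnel under the assumed original policy, being tunnelled with its real address under the first scenario, and being tunnelled as a 10.200.206.x address under the second. A flow that bypasses the tunnel is worth catching early: it is not just a connectivity failure but traffic that leaves the firewall unencrypted on the WAN side, so a quick selector check like this one belongs in any S2S troubleshooting routine.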

  • Hello Keyur, 

    first scenario: 

    yes, those are requirements from our customer. But I will ask him if we could change the subnet. 

    second:

    The problem is that if we change the local subnet to 172.20.x.x instead of 100.200.x.x, the VPN connection will not come up. We could verify with our customer that for the authentication we had to use the 100.200.x.x network. Therefore the second scenario will not work. 

  • We switched from SonicWall to XG last month. Therefore it was no problem to get a working VPN connection with these configuration details.