
Do I need a static routing rule? Cannot reach subnet from Branch Office

Hello community,

My setup is as follows:

Main Site: 10.1.0.0/23 (LAN Port1)

VLAN 100 (LAN Port1.100) on Sophos XG (Gateway: 172.31.100.1)

VOIP-Network: 172.31.100.0/24

VOIP-Server: 172.31.100.220

Branch Office A: 10.1.3.0/24

Branch Office B: 10.1.4.0/24

Problem:

I want to use VOIP-Phones in my Branch Office B, which I can't. I have checked the FW-Policy (LAN to LAN), which is correct (green in logviewer). I cannot ping the VOIP-Server from within the Branch Office B, but I can ping it when I'm connected via sslvpn (Rule Policy LAN to LAN applies here). The strange thing is that I CAN ping VOIP phones (e.g. 172.31.100.106) from the Branch Office B but NOT the VOIP-Server itself (172.31.100.220)?? Makes absolutely no sense. I can also ping the VOIP-Network's gateway, which is 172.31.100.1 (the virtual port on the XG).

What am I doing wrong? Do I need a specific route for the traffic to reach the Branch Office?



  • Hi  

    As per the diagram, Branch sites are connected with the RED device.

    Please make sure that the required LAN to VLAN and VLAN to LAN firewall rules exist; NAT (MASQ) can be toggled.

    tcpdump on the VoIP server IP and Branch system IP would be helpful to analyze the traffic flow.

    Please log in to the SSH console.

    Execute the command: tcpdump 'host <VoIP server IP> and host <Branch system IP>'

    Please share the output and also share the static route configuration details.
