This discussion has been locked.

IPSEC Site to Site VPN accessing shared folder

I am facing a very weird issue between 2 Sophos XG devices and IPSEC. Hoping someone can help me in diagnosing this. I spent a total of 8 hours and I am not getting anywhere.

HO: Sophos XG, 192.168.10.1/24 subnet
BO: Sophos XG, 192.168.20.1/24 subnet

Connectivity Diagram

HQ                                                                            BO
Server >> Sophos XG >>>> IPSEC VPN <<<< Sophos XG <<<< Client PC


We have our AD, DNS, etc. at the head office. I set up an IPSEC VPN between both sites using this guide: https://community.sophos.com/kb/en-us/123140. The tunnel is up, I can ping all hosts at the HO, and I can resolve DNS using the DNS servers at HO. Firewall rules are configured for any service and all traffic to narrow down the problem. No ports are blocked.


From the branch office, if I try to access a mapped drive (drive letter S, mapped to \\server01\shared$), I cannot get any access. If I try to browse the drive by going to \\192.168.10.5\shared$, no access. If I browse to \\server01\ or \\192.168.10.5\, I can see netlogon and another folder. The other shares are hidden and can only be accessed by direct path.

The Sophos XG firewall is configured to hand out DHCP and DNS addresses. The gateway handed out is the Sophos LAN IP. The DNS handed out is the IP of the servers at HQ, for example 192.168.10.6 and 192.168.10.7.

I can resolve each and every single host at HO with nslookup, ping, or on any other port. Initially I had a problem joining computers to the domain, which I resolved by implementing the route from this KB article: https://community.sophos.com/kb/en-us/123334

If you think this is bad, wait till you hear the next part.

Connectivity Diagram

HQ                                                                                   BO
Server >>>>> Sophos XG >>>> IPSEC VPN <<<< Sophos XG <<<< Wireless AP <<<< Client

I have a cheap wireless access point at the branch office. When I connect the laptop via wireless to this device, I can access \\server01\shared$ or \\192.168.10.5\shared$. Connecting via wireless, which routes the connection through the same Sophos firewall at BO, I am not facing any issues. I just can't get my head around it.

One thing I notice is that when I connect directly to the Sophos XG I get the following IP:

IP : 192.168.20.50
Subnet : 255.255.255.0
Gateway : 192.168.20.1
DNS 1 : 192.168.10.6
DNS 2 : 192.168.10.7

If I connect through the wireless AP at the BO, it runs its own DHCP, which again forwards everything to the Sophos at BO. The IP I get is:

IP : 192.168.25.50
Subnet : 255.255.255.0
Gateway : 192.168.25.1
DNS 1 : 192.168.25.1
DNS 2 : 192.168.10.6
DNS 3 : 192.168.10.7
DNS 4 : 8.8.8.8


Does anyone have any ideas here? With the same Sophos XG firewall, when connecting directly through it I cannot access the shared folder. Connecting through the wireless, which in turn goes through the same Sophos firewall, I have no issues accessing anything.

You think I am done? Not even close. At the HO I have 2 different file servers. Going through the Sophos XG directly, I am having the above problem with only 1 file server and not with the 2nd server. Going through the wireless, I have no issues with any server.

I am at my wits' end here and hoping someone has some information on where I should start looking.


Thank you for your help.



Reply from FormerMember:

Hi,

I would advise you to run a packet capture on both firewalls and trace the traffic to the shared folders and file servers.

Try to identify the difference between the direct connection and the wireless network: does traffic from both networks use the same firewall rules?

On the BO firewall, run a packet capture filtered on the destination IP address to verify that the firewall rules and interfaces are correct.

On the HO firewall, capture packets filtered on the source IP address. If you see traffic from the source IP, is it forwarded to the correct interface and firewall rule?

Follow this KBA for packet capture steps: Sophos XG Firewall: How to filter packets using packet capture.

Thanks,

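Once the captures suggested above exist, the next question is which step of the SMB conversation the file server rejects: the TCP connection, the NEGOTIATE, the SESSION_SETUP (authentication), or the TREE_CONNECT to the specific share. The following Python script is an added example, not part of the original thread and not a Sophos tool. It walks a raw TCP/445 byte stream (for instance the payload exported from a capture with Wireshark's "Follow TCP Stream" in raw mode) and reports, per SMB2 message, the command, the direction, the NTSTATUS of responses, and the UNC path a TREE_CONNECT request asks for. The header layout and status codes follow the public MS-SMB2 specification; the sample exchange at the bottom is constructed for the demo (two TREE_CONNECTs to a hypothetical 192.168.10.5, one succeeding, one denied) and is not taken from the poster's network.

```python
"""Triage an SMB2 (TCP/445) byte stream: which command failed, with which status?"""
import struct

SMB2_MAGIC = b"\xfeSMB"
FLAG_SERVER_TO_REDIR = 0x1                 # set on responses (MS-SMB2 2.2.1)
HEADER_FMT = "<4sHHIHHIIQIIQ16s"           # 64-byte SMB2 header, little-endian
HEADER_LEN = struct.calcsize(HEADER_FMT)   # == 64
CMD_TREE_CONNECT = 0x0003

COMMANDS = {
    0x0000: "NEGOTIATE", 0x0001: "SESSION_SETUP", 0x0002: "LOGOFF",
    0x0003: "TREE_CONNECT", 0x0004: "TREE_DISCONNECT", 0x0005: "CREATE",
    0x0006: "CLOSE", 0x0008: "READ", 0x0009: "WRITE", 0x000B: "IOCTL",
    0x000E: "QUERY_DIRECTORY", 0x0010: "QUERY_INFO",
}
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED",   # normal mid-auth response
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC00000BE: "STATUS_BAD_NETWORK_PATH",
    0xC00000CC: "STATUS_BAD_NETWORK_NAME",           # share does not exist
}
OK_STATUSES = ("STATUS_SUCCESS", "STATUS_MORE_PROCESSING_REQUIRED")


def build_message(command, msg_id, body, status=0, response=False, tree_id=0):
    """Construct one SMB2 message inside a 4-byte NetBIOS session header.
    Only used to build the constructed sample below; signature left zeroed."""
    flags = FLAG_SERVER_TO_REDIR if response else 0
    hdr = struct.pack(HEADER_FMT, SMB2_MAGIC, HEADER_LEN, 0, status, command, 1,
                      flags, 0, msg_id, 0, tree_id, 0, b"\x00" * 16)
    pdu = hdr + body
    return b"\x00" + len(pdu).to_bytes(3, "big") + pdu


def tree_connect_request(unc_path):
    """TREE_CONNECT request body (MS-SMB2 2.2.9): StructureSize=9, Flags,
    PathOffset (measured from the start of the SMB2 header), PathLength, Buffer."""
    path = unc_path.encode("utf-16-le")
    return struct.pack("<HHHH", 9, 0, HEADER_LEN + 8, len(path)) + path


def parse_stream(data):
    """Return one dict per SMB2 message found in a concatenated TCP/445 payload."""
    msgs, off = [], 0
    while off + 4 <= len(data):
        nb_type = data[off]
        length = int.from_bytes(data[off + 1:off + 4], "big")
        frame = data[off + 4:off + 4 + length]
        off += 4 + length
        pos = 0
        while nb_type == 0 and pos + HEADER_LEN <= len(frame):   # 0x00 = session message
            (magic, _size, _cc, status, command, _credits, flags, next_cmd,
             msg_id, _res, tree_id, _sess, _sig) = struct.unpack_from(HEADER_FMT, frame, pos)
            if magic != SMB2_MAGIC:
                break
            msg = {"msg_id": msg_id, "tree_id": tree_id,
                   "command": COMMANDS.get(command, "0x%04x" % command),
                   "response": bool(flags & FLAG_SERVER_TO_REDIR)}
            if msg["response"]:
                msg["status"] = NTSTATUS.get(status, "0x%08x" % status)
            elif command == CMD_TREE_CONNECT:
                # decode which share the client asked for
                p_off, p_len = struct.unpack_from("<HH", frame, pos + HEADER_LEN + 4)
                msg["path"] = frame[pos + p_off:pos + p_off + p_len].decode("utf-16-le")
            msgs.append(msg)
            if next_cmd == 0:
                break
            pos += next_cmd          # compounded request: next header follows
    return msgs


def diagnose(msgs):
    """Name the first rejected response, paired with its request by MessageId."""
    requests = {m["msg_id"]: m for m in msgs if not m["response"]}
    for m in msgs:
        if m["response"] and m["status"] not in OK_STATUSES:
            req = requests.get(m["msg_id"], {})
            where = " to " + req["path"] if "path" in req else ""
            return m["command"] + where + " failed: " + m["status"]
    return "no failed responses in stream"


# Constructed sample exchange (placeholder bodies; the parser only decodes headers
# and TREE_CONNECT request paths). Server IP and share names are hypothetical.
SAMPLE = b"".join([
    build_message(0x0000, 0, b"\x24\x00" + b"\x00" * 34),
    build_message(0x0000, 0, b"\x41\x00" + b"\x00" * 63, response=True),
    build_message(CMD_TREE_CONNECT, 1, tree_connect_request(r"\\192.168.10.5\netlogon")),
    build_message(CMD_TREE_CONNECT, 1, b"\x10\x00" + b"\x00" * 14, response=True, tree_id=1),
    build_message(CMD_TREE_CONNECT, 2, tree_connect_request(r"\\192.168.10.5\shared$")),
    build_message(CMD_TREE_CONNECT, 2, b"\x09\x00" + b"\x00" * 7,
                  status=0xC0000022, response=True),
])

if __name__ == "__main__":
    for m in parse_stream(SAMPLE):
        print(m)
    print(diagnose(parse_stream(SAMPLE)))
```

Reading the result against the symptoms in the post: if the direct-LAN client never gets past TCP (no SMB2 messages at all), the problem is routing or firewall rules on the path; if NEGOTIATE or SESSION_SETUP fails, look at authentication and name resolution (Kerberos wants the FQDN, NTLM does not); if only the TREE_CONNECT to one share on one server returns STATUS_ACCESS_DENIED or STATUS_BAD_NETWORK_NAME, the server is making a decision about that share, and the two client subnets (192.168.20.0/24 versus 192.168.25.0/24) are the first thing to compare in that server's access configuration.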