
Sophos XG125 SFOS 18.0.0 GA-Build321.HF052220.1 v18 to SG430 9.701-6 site-to-site IPsec issue

Hello,

I have a problem with a site-to-site VPN from Sophos XG to Sophos SG.

Sophos XG acts as initiator and Sophos SG as responder; I'm following this KB for the IPsec policy configuration: https://support.sophos.com/support/s/article/KB-000036746?language=en_US

After configuration, the tunnel is working: I can ping a remote host on the XG LAN network from the SG LAN network, but I can't ping from the XG LAN network to the SG LAN network.

Please help with what to check on the XG side. I already tried adding the IPsec route manually from the XG console (found a troubleshooting KB on the forum), but it still won't work.



  • Hi: Thank you for contacting the Sophos Community!

    Is XG running V17.x? If yes, please ensure that no gateway has been defined on the LAN-to-VPN and VPN-to-LAN firewall rules.

    Once you generate a PING from a machine behind XG, what is the TCPDUMP observation in the XG GUI packet capture, and what is the drop-packet observation on the CLI console? Are you able to see IPsec traffic leaving XG for the VPN traffic?

    Please check under Diagnostics > Packet Capture whether the traffic is coming in and going out through the IPsec tunnel or not.

    Reference snapshot:



    Command for drop packet:

    Console> drop-packet-capture 'host x.x.x.x'   (where x.x.x.x is the remote-end (SG end) machine you are pinging from the XG LAN)

    If the packets are going out via IPsec, is the reply packet coming back from the SG end or not?

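The reply above boils the triage down to two questions: did the echo request leave XG through the IPsec interface, and did a reply come back? The script below applies that decision tree to packet-capture text. It is an added example, not from the thread or from Sophos; the capture format is a constructed, simplified one (`<interface> <In|Out> <tcpdump-style text>`), and the interface names `Port1` and `ipsec0` and all addresses are assumptions.

```python
"""Triage a one-way site-to-site ping failure from packet-capture lines.

Follows the checks from the reply above: (1) does the echo request arrive
on the LAN interface, (2) does it leave via the IPsec interface, (3) does a
reply come back over IPsec, (4) is the reply forwarded to the LAN.
The line format is constructed for this example:
    "<iface> <In|Out> IP <src> > <dst>: ICMP echo request|reply, id N, seq N, ..."
"""
import re
from dataclasses import dataclass

# Only ICMP echo lines are of interest; everything else (IKE, ESP, ARP) is skipped.
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+(?P<src>[\d.]+)\s+>\s+(?P<dst>[\d.]+):\s+"
    r"ICMP echo (?P<kind>request|reply),\s+id\s+(?P<id>\d+),\s+seq\s+(?P<seq>\d+)"
)

# What each verdict code means for the person troubleshooting the XG side.
EXPLANATIONS = {
    "NO_LAN_IN": "no echo request from the LAN host reached the firewall; check the client and LAN path",
    "NO_VPN_OUT": "requests arrive on LAN but never leave via IPsec; check the XG IPsec route, the policy's local/remote subnets and the LAN-to-VPN rule (the console drop packet capture shows the drop reason)",
    "NO_REPLY": "requests leave via IPsec but no reply returns; the fault is on the SG side or the remote host (subnets, firewall rule, host firewall)",
    "NO_LAN_OUT": "replies return over IPsec but are not forwarded to the LAN; check the XG VPN-to-LAN rule",
    "OK": "the round trip completes on the firewall; look at the end hosts",
}


@dataclass(frozen=True)
class Icmp:
    iface: str
    direction: str
    src: str
    dst: str
    kind: str
    ident: int
    seq: int


def parse_capture(lines):
    """Parse capture text into Icmp records, ignoring non-matching lines."""
    pkts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            pkts.append(Icmp(m["iface"], m["dir"], m["src"], m["dst"],
                             m["kind"], int(m["id"]), int(m["seq"])))
    return pkts


def triage(pkts, lan_iface, vpn_iface, src, dst):
    """Return (verdict_code, counts) for pings from src (behind XG) to dst (behind SG)."""
    def is_req(p):
        return p.kind == "request" and p.src == src and p.dst == dst

    def is_rep(p):
        return p.kind == "reply" and p.src == dst and p.dst == src

    counts = {
        "lan_in": sum(1 for p in pkts if is_req(p) and p.iface == lan_iface and p.direction == "In"),
        "vpn_out": sum(1 for p in pkts if is_req(p) and p.iface == vpn_iface and p.direction == "Out"),
        "vpn_in": sum(1 for p in pkts if is_rep(p) and p.iface == vpn_iface and p.direction == "In"),
        "lan_out": sum(1 for p in pkts if is_rep(p) and p.iface == lan_iface and p.direction == "Out"),
    }
    # Walk the packet's path in order; the first missing hop is the verdict.
    for key, code in (("lan_in", "NO_LAN_IN"), ("vpn_out", "NO_VPN_OUT"),
                      ("vpn_in", "NO_REPLY"), ("lan_out", "NO_LAN_OUT")):
        if counts[key] == 0:
            return code, counts
    return "OK", counts


# Constructed sample 1: the symptom in this thread, requests hit the LAN port
# but nothing leaves through ipsec0 (a stray ping to 8.8.8.8 and an IKE line are noise).
SAMPLE_NO_VPN_OUT = [
    "Port1 In IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64",
    "Port1 In IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 1, seq 2, length 64",
    "Port1 In IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 1, seq 3, length 64",
    "Port1 In IP 192.168.1.10 > 8.8.8.8: ICMP echo request, id 2, seq 1, length 64",
    "Port2 Out IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: parent_sa ikev2_init[I]",
]

# Constructed sample 2: requests leave over IPsec, but the SG side never answers.
SAMPLE_NO_REPLY = [
    "Port1 In IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64",
    "ipsec0 Out IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64",
    "Port1 In IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 1, seq 2, length 64",
    "ipsec0 Out IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 1, seq 2, length 64",
]

if __name__ == "__main__":
    for name, sample in (("no ESP out", SAMPLE_NO_VPN_OUT), ("no reply", SAMPLE_NO_REPLY)):
        code, counts = triage(parse_capture(sample), "Port1", "ipsec0", "192.168.1.10", "10.0.0.5")
        print(f"{name}: {code} {counts}\n  -> {EXPLANATIONS[code]}")
```

Run it against the text of a GUI packet capture or console tcpdump saved to a file, after adapting `LINE_RE` to the exact column layout of your capture; the verdict separates an XG-side routing or policy problem (request never reaches `ipsec0`) from an SG-side problem (request leaves, nothing returns), which is exactly the distinction the reply asks the poster to make.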
  • Hi

    XG is running v18; does the troubleshooting you mention still apply?
