
IPSec VPN can only reach 1 out of 3 subnets in GCP

We have set up our Sophos VPN (Onprem) to Google Cloud Platform (GCP). We have successfully established connectivity between the two. We have 1 subnet onprem, which is 10.11.0.0/22, and 3 subnets in the cloud. All ICMP has been opened for both networks to test ping. We encounter an issue where we are only able to ping 1 of the GCP subnets. As far as GCP is concerned, there are not many settings besides Routes. From the routes, we see all 3 subnets pointing to the VPN as next hop.

Are there any particular settings we may have missed in Sophos?



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    The SA between local subnet on your XG and GCP EIAP and perf subnet did not get created. Without an SA, no IPSec communication besides negotiation would be possible. Can you confirm if there is a local and remote subnet mismatch on either side of the tunnel? 

    If your firewall is running on SFOS v18, I would suggest you configure Route Based VPN. 

    Check out the following document for more info: Create a route-based VPN.

    Thanks,
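
One way to run the mismatch check suggested in the reply above, as an added example that is not part of the original thread or of any Sophos or GCP tooling. Only 10.11.0.0/22 comes from the post; the cloud CIDRs, the dict layout and the established-SA list are constructed, and the script assumes selectors must match exactly on both sides.

```python
import ipaddress
from itertools import product

def pairs(local, remote):
    """All (local, remote) traffic-selector pairs one side will propose."""
    return {(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l, r in product(local, remote)}

def audit(onprem, cloud, established):
    """Compare both sides' selectors, oriented as (on-prem net, cloud net)."""
    want_onprem = pairs(onprem["local"], onprem["remote"])
    # The cloud gateway sees the same tunnel mirrored, so swap its view.
    want_cloud = {(r, l) for l, r in pairs(cloud["local"], cloud["remote"])}
    up = {(ipaddress.ip_network(l), ipaddress.ip_network(r))
          for l, r in established}
    agreed = want_onprem & want_cloud
    return {
        "up": sorted(agreed & up),                     # SA exists, traffic can flow
        "agreed_but_no_sa": sorted(agreed - up),       # config matches, SA never came up
        "onprem_only": sorted(want_onprem - want_cloud),  # selector mismatch
        "cloud_only": sorted(want_cloud - want_onprem),   # selector mismatch
    }

# Constructed sample: firewall side as configured in the policy-based tunnel.
ONPREM = {"local": ["10.11.0.0/22"],
          "remote": ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24"]}
# Constructed sample: cloud side, with one prefix length typed differently.
CLOUD = {"local": ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/23"],
         "remote": ["10.11.0.0/22"]}
# Constructed sample: the only SA listed as established on the firewall.
ESTABLISHED = [("10.11.0.0/22", "10.20.0.0/24")]

if __name__ == "__main__":
    for state, found in audit(ONPREM, CLOUD, ESTABLISHED).items():
        for local_net, remote_net in found:
            print(f"{state:18} {local_net} <-> {remote_net}")
```

A pair under `agreed_but_no_sa` points at negotiation or rekey problems, while `onprem_only` and `cloud_only` entries are the local and remote subnet mismatches the reply asks about.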
