IPSEC Site 2 Site - Unable to ping one machine

When I open a backup of the configuration, inside there's a file called "db.dump". When I open this file with a text editor I can find this line :

COPY tblcrtrafficnat (id, destinationip, destinationmask, interface, snatip) FROM stdin;
1    192.168.1.2    255.255.255.255    \N    192.168.0.1
\.

So there's a snat rule somewhere which is causing my problem. But I can't see where and how to delete it.

When I open a backup of the configuration, inside there's a file called "db.dump". When I open this file with a text editor I can find this line :

COPY tblcrtrafficnat (id, destinationip, destinationmask, interface, snatip) FROM stdin;
1    192.168.1.2    255.255.255.255    \N    192.168.0.1
\.

So there's a snat rule somewhere which is causing my problem. But I can't see where and how to delete it.

Hi Christian Fournier,

Thank you for reaching out to the Community! 

Run a packet capture on both firewalls on the destination IP address to identify the firewall rule. 

• Monitor traffic using Packet Capture Utility in the Sophos XG Firewall GUI

Thanks,

Hi,

Problem solved :  

• went to console / option 4. Device console:
  • show advanced-firewall
• there was a rule under "NAT Policy for system originated traffic" with the faulty IP for SNAT IP
• deleted the rule :
  • set advanced-firewall sys-traffic-nat delete destination 192.168.1.2 snatip 192.168.0.1
• added a new correct rule :
  • set advanced-firewall sys-traffic-nat add destination 192.168.1.0 netmask 255.255.255.0 snatip 192.168.3
• done !

Thanks.