Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 606 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC Site 2 Site - Unable to ping one machine

Christian Fournier

Hi Sophos community,

I've got a weird problem with an IPSEC Site to site VPN.

  • Site 1 : XG86 lan 192.168.3.1, network 192.168.3.0/24
  • Site 2 : XG125 lan 192.168.1.1, network 192.168.1.0/24

From XG86 in site 1, I can ping every machine in site 2, except one (192.168.1.2) !

When I do a packet capture, I can see that for this particular IP (192.168.1.2), source is set at 192.168.0.1, instead of 192.168.3.1 This router had previously this IP, but it was changed for 192.168.3.1, and I cannot see any hints for it in the graphic interface.

Any idea to overcome this ?



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to FormerMember

    Hi,

    Problem solved :  

    • went to console / option 4. Device console:
      • show advanced-firewall
    • there was a rule under "NAT Policy for system originated traffic" with the faulty IP for SNAT IP
    • deleted the rule :
      • set advanced-firewall sys-traffic-nat delete destination 192.168.1.2 snatip 192.168.0.1
    • added a new correct rule :
      • set advanced-firewall sys-traffic-nat add destination 192.168.1.0 netmask 255.255.255.0 snatip 192.168.3
    • done !

    Thanks.

Children
No Data