DNS over IPsec client

Which version do you use? Is the IP, you are using, also included in the IPsec site to site connection (SA)? 

I use the newest.

No the ip is Not included, so i Need the nat.

On the old UTM it worked with Masq.

Hello,

Under Original source, make sure that #IPsec_FL isn’t a #Port object, but a Network.

Regards,

IPSec Pool is a Netzwerk 10.50.0.0/24

Its not. Your object is a #Port Object, which only is the Interface as a IP. 

XG only has the UTM Interface (Address) object. 

Simply use VPN and ANY and it should work. 

Source is 10.50.0.0/24 my IPSEC Pool

an Sophos-Fischerlogistik is 192.168.12.254 ist Port from the local Netzwork 192.168.12.0/24

Here the NAT Rule

with any any it doesnt work either

We are talking about the firewall rule. 

Ok. But the Firewallrule seem to be not the Problem, see the log. 

But i cant get to the 192.168.19.0 Network

With Any like it doesnt work either

Here the firewall Rule

There is a NAT and a Firewall rule. Which one are those rules? 

i edited the posts.

first was nat

second was firewall

If you change the NAT from outbound interface to ANY, does it NAT the traffic? 

The Traffic capture log in webadmin should indicate, if a NAT + Firewall hit or not. Work torwards the results there, if you find the non matching rule there. 

Please ensure that you've added an IPsec route in CLI.

console> system ipsec_route add net 192.168.19.0/255.255.255.0 tunnelname IPsecTunnel
console>
console> system ipsec_route show
tunnelname host/network netmask
IPsecTunnel 192.168.19.0 255.255.255.0

NAT and firewall rule configuration may look like below.

NAT rule:

Firewall rule:

Please ensure that you've added an IPsec route in CLI.

console> system ipsec_route add net 192.168.19.0/255.255.255.0 tunnelname IPsecTunnel
console>
console> system ipsec_route show
tunnelname host/network netmask
IPsecTunnel 192.168.19.0 255.255.255.0

NAT and firewall rule configuration may look like below.

NAT rule:

Firewall rule:

Hallo

you can See exact the Same Rules from upon.

i should add per cli a Route too?

i added with cli but it doesnt work. the nat rule workes in the capture log but i cant reach or ping it

Just to be sure, Firewall Rule 14 and NAT Rule 4 are those exact Rules shown by your screenshots? 

Yes, they are Firewall Rule 13 and NAT Rule 4 like the pictures from me.

Seems like the route is not applied yet. Whats the difference between the time frame of the commands and your current log viewer? Because the outbound interface should be IPsec0. Thats an indication, the route is not applied, could be a old connection. You could flush the table or wait until the connection disconnects and retry. 

Can somebody help me with TeamViewer or somerhing else

Please open a Support Case for Remote assistance. 

Now its working after a reboot of the XG135.

Thanks
The Problem was the route over cli