
Machines at the branch office do not authenticate to the domain controller over the VPN.

Hello everyone, I have a very strange problem in a client's scenario: the VPN comes up OK, and there is file traffic, system traffic and ping, but Active Directory is having a problem. The branch machines do not authenticate to the headquarters AD server, and in the Sophos XG logs at the branch I am seeing several traffic denied events on LDAP port 389, which is strange. The site-to-site VPN is OK, as are the firewall rules and the static routes for the networks on both sides, which I created using the system ipsec_route command.

Any idea?

Logs in the Sophos XG of the branch office.



  • I performed these actions:

    console> system ipsec_route add host 192.168.7.1 tunnelname IPSEC_Matriz

    console> set advanced-firewall sys-traffic-nat add destination 192.168.7.1 snatip 192.168.6.254

    192.168.6.254 is the IP address of the XG at the branch office.

    The branch office machines can open files on the domain controller server, which is in the main office (they can access, for example, \\192.168.7.1\c$), can ping, and can also query DNS correctly, but they cannot join the domain.

    Now, a strange thing I noticed is that the domain has no FQDN, just the simple name 'VCL', which in my opinion is wrong for an Active Directory domain.

    But it was working when the customer was using two Endian firewalls with an OpenVPN site-to-site tunnel.
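The symptoms above (SMB, ping and DNS work, the join fails, LDAP 389 denied in the branch XG log) point at only part of the port set a domain join needs making it across the tunnel. As an added example that is not from this thread, here is a script to run from a branch machine that probes every service a join needs on the DC; it assumes default service ports and uses the DC address 192.168.7.1 from the thread as its default target.

```python
"""Probe the TCP services a Windows client needs on a DC to join a domain."""
import socket
import sys

# Default ports of the services a domain join touches (assumption: the DC
# uses default ports). SMB alone being reachable, as in the thread, is not
# enough: the join also needs LDAP, Kerberos and RPC.
REQUIRED_SERVICES = (
    ("DNS", 53),
    ("Kerberos", 88),
    ("RPC endpoint mapper", 135),
    ("LDAP", 389),
    ("SMB", 445),
    ("Kerberos password change", 464),
    ("Global Catalog", 3268),
)
# Not covered here: UDP (Kerberos 88, LDAP ping 389) and the dynamic RPC
# port range that the endpoint mapper hands out after 135 is reached.

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_dc(dc_ip, probe=tcp_reachable):
    """Map each required service to whether dc_ip answers on its port.
    `probe` is injectable so the logic can be exercised without a network."""
    return {name: probe(dc_ip, port) for name, port in REQUIRED_SERVICES}

def blocked_services(results):
    """Services that did not answer, in REQUIRED_SERVICES order."""
    return [name for name, _ in REQUIRED_SERVICES if not results[name]]

def can_join(results):
    """A join has a chance only when nothing on the list is blocked."""
    return not blocked_services(results)

def main():
    dc = sys.argv[1] if len(sys.argv) > 1 else "192.168.7.1"
    results = probe_dc(dc)
    for name, port in REQUIRED_SERVICES:
        print(f"{name:26s} tcp/{port:<5d} {'open' if results[name] else 'BLOCKED'}")
    print("domain join possible:", can_join(results))

if __name__ == "__main__":
    main()
```

Each BLOCKED line should correspond to a denied event in the branch firewall log for that destination port; compare the two to find the rule or route that the tunnel traffic is missing.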
