After migrating the configuration from v17.5 to v18, IPsec only works one way

I have two routers with XG Firewall at my disposal. On the old one, running XG v17.5, everything works fine. On the new router, running XG 18, after importing the configuration from the old router, the same IPsec site-to-site connections only work one way.

The symptoms are as follows:
- the IPsec tunnel is established correctly,
- the remote device can ping the XG and the devices behind the XG in the local LAN,
- when pinging the remote device from the XG management console, packets are sent from the WAN interface instead of the router's local interface.

Where could the cause of the problem be?

Configuration:
local router IP: 172.16.16.20
local LAN: 172.16.16.0/24
remote router IP: 10.0.43.1
remote LAN: 10.0.43.0/24

Console ping to remote device:

XG230_WP02_SFOS 18.0.4 MR-4# ping 10.0.43.1 -i 172.16.16.20
PING 10.0.43.1 (10.0.43.1) from 172.16.16.20: 56 data bytes
^C
--- 10.0.43.1 ping statistics ---
28 packets transmitted, 0 packets received, 100% packet loss
XG230_WP02_SFOS 18.0.4 MR-4#

Packet capture:

Ethernet header
Source MAC address:
Destination MAC address:
Ethernet type IPv4 (0x800)

IPv4 Header
Source IP address:213.189.37.142
Destination IP address:10.0.43.1
Protocol: ICMP
Header:20 Bytes
Type of service: 0
Total length: 84 Bytes
Identification:8911
Fragment offset:16384
Time to live: 64
Checksum: 59277

ICMP Header:
Type: 8
Code: 0
Echo ID: 53003
Echo sequence: 21
Gateway: 0
Fragmentation MTU: 0
Checksum: 25922

Ping from remote device to XG:

[xxx@AGORA] > ping 172.16.16.20 src-address=10.0.43.1
SEQ HOST SIZE TTL TIME STATUS
0 172.16.16.20 56 64 7ms
1 172.16.16.20 56 64 7ms
sent=2 received=2 packet-loss=0% min-rtt=7ms avg-rtt=7ms max-rtt=7ms

VPN configuration:

On my good old router, at IP address 172.16.16.15, the same ping works correctly:
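Added example, not code from the post or from Sophos: a small script that parses the "Field: value" capture lines quoted above and runs the packet's addresses through a simplified IPsec SPD (security policy database) lookup built from the subnets in the "Configuration" section. It shows why an echo request leaving with the WAN address 213.189.37.142 as its source never enters the tunnel: the selector requires a source inside 172.16.16.0/24, so the packet is routed in the clear toward a private 10.0.43.0/24 address, while the reverse direction (10.0.43.1 to 172.16.16.20) and the intended source 172.16.16.20 both match. The policy name "site-to-site" and the address-only matching (real SPDs also match protocol and ports) are assumptions of this example; it does not say why XG 18 picks the WAN source, which the post does not establish.

```python
"""Simplified IPsec SPD traffic-selector check for the site-to-site case above."""
import ipaddress
from dataclasses import dataclass

# Constructed excerpt of the capture quoted in the post (same field values, trimmed).
CAPTURE_TEXT = """\
IPv4 Header
Source IP address:213.189.37.142
Destination IP address:10.0.43.1
Protocol: ICMP
Header:20 Bytes
ICMP Header:
Type: 8
Code: 0
"""

# Selectors taken from the post's "Configuration" section.
LOCAL_LAN = ipaddress.ip_network("172.16.16.0/24")
REMOTE_LAN = ipaddress.ip_network("10.0.43.0/24")
LOCAL_LAN_IP = "172.16.16.20"   # source the console ping asked for with -i
REMOTE_GW = "10.0.43.1"


def parse_capture(text):
    """Turn the 'Field: value' lines of the XG capture into a dict.

    Section headers ('IPv4 Header', 'ICMP Header:') carry no value and are skipped.
    """
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


@dataclass(frozen=True)
class Policy:
    name: str                     # assumed policy name, not from the post
    local_net: ipaddress.IPv4Network
    remote_net: ipaddress.IPv4Network


def spd_lookup(src, dst, policies):
    """Return (policy name, verdict) for the first selector the packet endpoints match.

    outbound-esp:    src in local_net and dst in remote_net -> ESP-encapsulated into the tunnel
    inbound-esp:     src in remote_net and dst in local_net -> expected to arrive via the tunnel
    cleartext-route: no selector matches -> ordinary routing table, packet leaves unencrypted
    Only addresses are matched here; a real SPD also matches protocol and ports.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local_net and d in p.remote_net:
            return p.name, "outbound-esp"
        if s in p.remote_net and d in p.local_net:
            return p.name, "inbound-esp"
    return None, "cleartext-route"


def classify_capture(text, policies):
    """Parse a capture excerpt and look its endpoints up in the SPD."""
    f = parse_capture(text)
    return spd_lookup(f["Source IP address"], f["Destination IP address"], policies)


POLICIES = [Policy("site-to-site", LOCAL_LAN, REMOTE_LAN)]

if __name__ == "__main__":
    # Captured packet: WAN source, so no selector matches and it goes out in the clear.
    print(classify_capture(CAPTURE_TEXT, POLICIES))
    # What the console ping with -i 172.16.16.20 should have produced.
    print(spd_lookup(LOCAL_LAN_IP, REMOTE_GW, POLICIES))
    # The working direction from the remote device to the XG.
    print(spd_lookup(REMOTE_GW, LOCAL_LAN_IP, POLICIES))
```

Running the block prints `(None, 'cleartext-route')` for the captured packet and `('site-to-site', 'outbound-esp')` / `('site-to-site', 'inbound-esp')` for the two cases that do match, which is the asymmetry the symptoms describe: whatever source address the firewall stamps on a console-originated packet decides whether the SPD ever sees it as tunnel traffic.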


