
Can't access IPsec VPN tunnel from PC/VLAN (but from firewall I can ping it)

Hello,

I have a problem on an XG330 (SFOS 18.0.5 MR-5-Build586).

I have created an IPsec VPN (site to site). Sophos says it's active, and the connection is green. I can ping the tunnel from the Sophos without problem.

When I'm in the VLAN 192.168.100.0, I can't ping or access the tunnel, but I created all hosts/subnets and firewall rules to the tunnel, and don't know why it's not working out of the VLAN.



  • Check the packet capture of this firewall to see if the correct firewall rule hits and the traffic is routed.


  • The problem is, we don't see a packet in the log when we ping or want to access the VPN.

  • If the packet capture does not see any packets, basically the firewall does not see the packet. This seems like it is not a firewall issue, but a VLAN / switch issue. Packet capture is a filter on the interface, basically before anything else can alter the packet. Therefore check the switch for an invalid VLAN config.


  • But why is this only on IPsec VPN? Everything is working fine in the VLAN! SSL VPN is working fine. But for this solution IPsec is needed.

  • I cannot see the relationship between those. If the firewall does not see packets, as you mentioned, the client is not sending them to the firewall. There is a reason behind this which you should figure out, and it does not seem to be related to the firewall.

    Of course this is only true if the packet capture does not show any packets at all. This is the first step to check.

