
VPN Site-to-site nat site not reachable

Hello,

A couple of months ago I followed the guide (https://support.sophos.com/support/s/article/KB-000035717?language=en_US) to create a site-to-site VPN.

Because of the NAT on FW1, I was not able to bring up the tunnel. With help from emmosophos I set up the local and remote ID, so the tunnel was up.

But I can't reach (ping) from the NAT site (FW1) to the other site (FW2). Ping in the other direction is working.

Traceroute can't find the direction.

Please help?



This thread was automatically locked due to age.
  • Ideally, the configuration of the firewall rules should fix this; follow the steps in this Sophos KB:

    https://support.sophos.com/support/s/article/KB-000035717?language=en_US

    You need to create specific LAN-to-VPN and VPN-to-LAN rules on each firewall.

    Please ensure that the IPsec VPN tunnel is established and that the LAN-VPN and VPN-LAN firewall rules are configured properly on both firewalls.

    What is the firmware version?

    Please share the output of "ipsec statusall" from both firewalls, taken from the advanced console.

    Please share the output of "tcpdump" and "drppkt" from both firewalls, taken from the advanced console, for the destination IP address.

    Let's say you are pinging destination host 172.16.16.50 from source host 172.16.10.50.

    Please capture "tcpdump" and "drppkt" for destination host 172.16.16.50 on the Sophos XG85 firewall.

    Capture tcpdump / drppkt using the following link: https://support.sophos.com/support/s/article/KB-000037007?language=en_US
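
What to look for in the "ipsec statusall" output requested above, as an added example that is not part of the original thread and not Sophos's own code: it checks that the IKE and child SAs are up, that the ping's source and destination fall inside the negotiated subnets, and whether the byte counters move in only one direction. The sample text is constructed and assumes strongSwan-style output; the connection name, peer addresses, SPIs and counters are invented, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on strongSwan-style "ipsec statusall" text (assumed
# format); connection name, peer addresses, SPIs and counters are invented.
SAMPLE_FW1 = """\
Security Associations (1 up, 0 connecting):
  s2s_1[3]: ESTABLISHED 2 hours ago, 192.168.1.2[fw1.example]...203.0.113.10[fw2.example]
  s2s_1{5}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c1a2b3c4_i c5d6e7f8_o
  s2s_1{5}:  AES_CBC_256/HMAC_SHA2_256_128, 1680 bytes_i (20 pkts, 1s ago), 0 bytes_o, rekeying in 40 minutes
  s2s_1{5}:   172.16.10.0/24 === 172.16.16.0/24
"""

def _nets(side):
    # One side of "a === b" may list several subnets, each optionally "[proto/port]".
    return [ipaddress.ip_network(tok.split("[")[0], strict=False) for tok in side.split()]

def selectors(status):
    """Return [(local_nets, remote_nets), ...] for every child SA selector line."""
    pairs = re.findall(r"^\s*\S+\{\d+\}:\s+(\S.*?) === (.+)$", status, re.M)
    return [(_nets(loc), _nets(rem)) for loc, rem in pairs]

def check_tunnel(status, src, dst):
    """Findings for traffic src -> dst, judged from the local firewall's output."""
    findings = []
    if "ESTABLISHED" not in status:
        findings.append("IKE SA is not established")
    if "INSTALLED" not in status:
        findings.append("no child (ESP) SA is installed")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(any(s in n for n in loc) and any(d in n for n in rem)
               for loc, rem in selectors(status)):
        findings.append(f"{src} -> {dst} is outside the negotiated traffic selectors")
    counters = re.search(r"(\d+) bytes_i.*?(\d+) bytes_o", status)
    if counters:
        bytes_in, bytes_out = map(int, counters.groups())
        if bytes_in and not bytes_out:
            findings.append("tunnel receives traffic but has sent none from this side")
        elif bytes_out and not bytes_in:
            findings.append("tunnel sends traffic but has received none from the peer")
    return findings

if __name__ == "__main__":
    for finding in check_tunnel(SAMPLE_FW1, "172.16.10.50", "172.16.16.50"):
        print("FW1:", finding)
```

Running the same check on the output of both firewalls while the ping is in progress shows which side's counters stay at zero, which narrows down where the tcpdump and drppkt captures should be read first.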
