VPN Site-to-site nat site not reachable

Question

Hello, 
 A couple of months ago i followed the guide ( https://support.sophos.com/support/s/article/KB-000035717?language=en_US ) to create a site-to-site vpn. 
 Because the NAT on FW1 with i was not able to bring up the tunnel. With help from emmosophos i set up the local and remote id. So the tunnel was up. 
 But i cant reach (ping) the NAT site (FW1) to the other site FW2. The other direction ping working. 
 Traceroute cant find the direction. 
 Please help?

NM_1987 · Answer

Ideally, the configuration of the firewall rules should fix this and follow the steps in this sophos KB: 
 https://support.sophos.com/support/s/article/KB-000035717?language=en_US 
 needed to create specific LAN to VPN && VPN to LAN on each firewall 
 Please ensure that IPSec VPN tunnel should be established and LAN-VPN and VPN-LAN firewall rule configured properly at both the firewall end. 
 What is the firmware version? 
 Please share the output of "ipsec statusall" from both firewalls from the advance console. 
 Please share the output of "tcpdump", "drppkt" from both firewalls from the advance console for the destination IP Address. 
 Let's say that if you are ping destination host 172.16.16.50 from Source host 172.16.10.50 
 Please capture "tcpdump" and "drppkt" for destination host 172.16.16.50 on firewall Sophos XG85 
 capturing tcpdump / drppkt using the following link : https://support.sophos.com/support/s/article/KB-000037007?language=en_US

VPN Site-to-site nat site not reachable

Top Replies