Sophos XG VMs IPsec tunnel established but hosts behind the firewalls can't ping each other.

Question

Hello Teams, My very first post regarding issue I am having with the home lab I built. Running 2 identical Sophos VMs on Hyper-V + few VMs each behind the XGs I was able to successfully configured IPsec tunnel between 2 XGs successful I can ping from host at one end to the other end XG WAN IP and LAN IP but I can't ping the host behind the LAN Interface if the other XG. 
 Ref. image below: e.g. Win10_Powershell PC on the left can ping > SophosXG05 > 10.0.0.1 (Internet) > 10.0.0.45 (SophosXGHome WAN) > 172.16.16.16 but not 172.16.16.50 (win 10 PC) I don't know what am I missing here.........

BongBong · Accepted Answer

Hello Friends, I finally able to fix the issue I disabled most of the rules that created earlier and follow the steps in this sophos KB: 
 https://support.sophos.com/support/s/article/KB-000035717?language=en_US 
 
 needed to create specific LAN to VPN && VPN to LAN on each firewall and voalah! Thank you all for your warm reception and assist! Kind Regards, Raymond

FormerMember · Answer

Hey BongBong , Welcome to Sophos Community. Make sure that the Sophos XG-Home (172.16.16.16) has the VPN to LAN rule configured to allow inbound traffic from IPSEC VPN to the Firewall's LAN. Also at times, the Windows firewall blocks ICMP packets,. So ensure that you're able to ping 172.16.16.50 from any other machine in the same LAN

Sophos XG VMs IPsec tunnel established but hosts behind the firewalls can't ping each other.

Top Replies