
[Resolved] How to ssh into Core switch from Mgt PC, using XG210 to perform InterVLAN routing

Hello all,

I'm stuck at the following, hope to get the community's help.

I have the following network configured. I am trying to ssh into the CORE SWITCH from the MGT PC but to no avail. XG210 is currently configured to perform InterVLAN routing via firewall rule.

Firewall rule is currently set as:

Source Zone: LAN, Source networks and devices: Management hosts (represents 192.168.1.128/29 network)

Dest Zone: LAN, Dest networks and devices: Logging hosts (represents 192.168.1.80/28 network), Any services

There are no static routes in the XG210 firewall.

I am able to ssh/ping from the MGT PC to Management Switch

I am able to ssh/ping from the MGT PC to Sophos XG210

I am not able to ssh or ping from the MGT PC to the Core Switch - How can I make this happen?

Subsequent checks

1. Checking the Log viewer shows the XG210 permits the ssh connection from MGT PC (src ip: 192.168.1.131) to CORESWITCH (dst ip: 192.168.1.86). From the MGT PC, PuTTY gave "Network error: Connection timed out" as an error. Could this be a routing issue?



  • Hello Yash, I do have a question regarding SSH from

    1. MGT PC to the Management Switch

    2. MGT PC to Core Switch.

    I keep getting Invalid Traffic errors on Sophos XG210, which has the following error messages: "Invalid packets" or "Invalid TCP state". Notably, the In interface or/and Out Interface is listed as empty, which gives rise to the above error messages. Any ideas how I can overcome these error messages?

    Update

    I've further tested this. From the XG210, I am able to connect to any hosts on the CORE SWITCH and any hosts on Management Switch, apart from SSH. That is to say I can

    A. connect via HTTP/HTTPS from the MGT PC to any host on the Management Switch

    B. I cannot connect via SSH from the MGT PC to the Management Switch interface IP (192.168.1.82)

    C. I can connect via SSH from the MGT PC to the CORE SWITCH (192.168.1.86).

    For instance B, I see the SSH packets were denied by XG210 as they do not have the In interface and Out interface. Strange, HTTP/HTTPS connections have the In interface and Out Interface.

    Stumped!

  • FormerMember in reply to SHtan

    Please follow the below steps and share the session output here or in PM.

    ==> Login to SSH > 4. Device Console

    console> tcpdump 'host 192.168.1.xx and port 22 -e

    or

    console> tcpdump 'host 192.168.1.xx -e

    Replace xx with correct switch IP address

    ==> In other SSH session, check drop-packet-capture

    console> drop-packet-capture 'host 192.168.1.xx and port 22

    or

    console> drop-packet-capture 'host 192.168.1.xx