This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT host rule and VPN IPSec

Hi,

we have a setup where we have a headoffice with one AD controllers and a branchoffice with one AD controller. headoffice and branchoffice are connected via site-to-site VPN with two XG 135 firewalls.

I need to access the AD controller in the headoffice via RDC from remote locations. I created the rule for that and it works.

however, now the server cannot communicate with the branchoffice via the IPsec connection.

I guess this is because of the NAT rules associated with the server, because all other hosts in the headoffice can communicate with the branchoffice.

Can I have both? RDC to the AD controller in headoffice and communiocation via IPSec between the 2 AD controllers?

I tried with an exculsion on the DNAT rule but did not get anywhere so far.

Thanks for any tips and hints.

Have a great weekend.

b.

This thread was automatically locked due to age.

0 emmosophos over 3 years ago

Hello Bruce,

Thank you for contacting the Sophos Community.

Did this issue start happening right after you created the RDP rule for the AD server?

If you do a GUI Packet Capture for the traffic coming from the Headoffice Server on the Branch office firewall, what rule is the traffic hitting?

Regards,
Cancel
Vote Up 0 Vote Down

Cancel
0 brucepott over 3 years ago in reply to emmosophos

Thansk a lot for your reply.

yes, I actually created the RDP rule first, then the VPN. Maybe I will delete the RDP rule and all associated NAT rules, then try again.

With the packet capture on the branchoffice firewall the traffic from the server hits rule 7 which is the OUTBOUND_Headoffice rule
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 3 years ago in reply to brucepott

Actually from this perspective, it looks good. Check the other end in the packet capture, if you see any kind of traffic changes.
Cancel
Vote Up 0 Vote Down

Cancel