DNAT host rule and VPN IPSec

Hi,

We have a setup where we have a headoffice with one AD controller and a branchoffice with one AD controller. Headoffice and branchoffice are connected via site-to-site VPN with two XG 135 firewalls.

I need to access the AD controller in the headoffice via RDC from remote locations. I created the rule for that and it works.

However, now the server cannot communicate with the branchoffice via the IPsec connection.

I guess this is because of the NAT rules associated with the server, because all other hosts in the headoffice can communicate with the branchoffice.

Can I have both? RDC to the AD controller in headoffice and communication via IPsec between the 2 AD controllers?

I tried with an exclusion on the DNAT rule but did not get anywhere so far.

Thanks for any tips and hints.

Have a great weekend.

b.



  • Hello Bruce,

    Thank you for contacting the Sophos Community.

    Did this issue start happening right after you created the RDP rule for the AD server?

    If you do a GUI Packet Capture for the traffic coming from the Headoffice Server on the Branch office firewall, what rule is the traffic hitting?

    Regards,

  • Thanks a lot for your reply.

    Yes, I actually created the RDP rule first, then the VPN. Maybe I will delete the RDP rule and all associated NAT rules, then try again.

    With the packet capture on the branchoffice firewall, the traffic from the server hits rule 7, which is the OUTBOUND_Headoffice rule.
