This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-Site VPN behind a ISP router

Hi,

I am trying to set up a site-to-site between two sites.

the branch office has an ISP router that gets a public IP address and XG stays behind this. XG gets an IP address 192.168.1.250 on WAN port from the ISP router (192.168.1.1). LAN IP is 192.168.10.254

I managed to establish the connection but from head office to branch office there is no traffic going out. Only branch office to head office traffic works.

This thread was automatically locked due to age.

Parents

0 FormerMember over 3 years ago

Hi, Thanks for reaching out to Sophos Community.

Make sure that the LAN to VPN rule is configured on the Branch firewall and If the Head office also has the XG device then ensure VPN to LAN rule over there as well.

If the Firewall rules are in place, then take a GUI packet capture (Diagnostics > Packet Capture).

Enter the BPF string --> host x.x.x.x and proto 1 (replace x with the IP address you're pinging)

Save the capture, Run the ping from a branch machine, and hit refresh on the GUI capture. Share the snapshot
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 FormerMember over 3 years ago

Hi, Thanks for reaching out to Sophos Community.

Make sure that the LAN to VPN rule is configured on the Branch firewall and If the Head office also has the XG device then ensure VPN to LAN rule over there as well.

If the Firewall rules are in place, then take a GUI packet capture (Diagnostics > Packet Capture).

Enter the BPF string --> host x.x.x.x and proto 1 (replace x with the IP address you're pinging)

Save the capture, Run the ping from a branch machine, and hit refresh on the GUI capture. Share the snapshot
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data