
IPSEC SITE 2 SITE TUNNEL NOT CARRYING FOR ONE PRIVATE SUBNET TRAFFIC WHILE OTHER SUBNET IS WORKING on Sophos XG Firewall Home Use Edition.

THESE ARE THE LAN 2 LAN SUBNETS OF SITE 2 SITE IPSEC VPN ON THE SOPHOS SIDE. AFTER THE UPGRADE ONLY 172.21.0.0/24 IS ABLE TO COMMUNICATE WITH 172.30.0.8/30 SUBNET BUT THE OTHER SUBNET 172.21.0.0/24 IS NOT TALKING WITH 172.17.0.0/24 SUBNET. EVERYTHING IS RIGHT ON THE NETWORK SIDE, NOTHING IS CHANGED AS WE DON'T SEE ANY LOGS FOR THE PROBLEMATIC SUBNET 172.17.0.0/24 FROM THE SOPHOS SIDE AND NEITHER FOR THE PINGING SUBNET 172.30.0.8/30. SO WHAT'S THE POSSIBLE ISSUE IS THE RESTORE IS NOT RESTORED PROPERLY ON THE SOPHOS SIDE. SO HOW TO RESOLVE THIS ISSUE AS ONE SUBNET IS TRANSFERRING OVER THE IPSEC TUNNEL WHILE THE OTHER SUBNET IS NOT GETTING OVER THE IPSEC TUNNEL?

IS IT ANYTHING WITH THE NEWER VERSION OF THE SOPHOS 18.5.1 BUILD? AS THE SAME LAN 2 LAN SUBNETS ARE WORKING ON THE 18.0.5 XG FIRMWARE.

HELP NEEDED



This thread was automatically locked due to age.
  • Hello Muhammad,

    Thank you for contacting the Sophos Community.

    I would recommend you to do a GUI Packet Capture then start a Ping from a computer on the 172.21.0.0/24 going to a host on 172.17.0.0/24 and confirm if the packets are leaving the Ipsec0 interface.

    Also double-check your route precedence is using VPN routes as number 1.

    console> system route_precedence show
    Routing Precedence:
    1. Static routes
    2. VPN routes
    3. SD-WAN policy routes

    Regards,
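
The route-precedence check suggested in the reply above, worked through as an added example (not part of the original thread and not Sophos code). It parses the quoted `system route_precedence show` output and applies a simplified model in which route types are consulted in precedence order; the static route and the `PortB` interface are hypothetical, constructed to show how an overlapping static route could keep one remote subnet out of the tunnel while the other still works.

```python
import ipaddress
import re

# Output quoted in the reply above (from `system route_precedence show`).
SAMPLE_OUTPUT = """\
Routing Precedence:
1. Static routes
2. VPN routes
3. SD-WAN policy routes
"""

def parse_precedence(text):
    """Return route types in precedence order, e.g. ['static', 'vpn', 'sd-wan']."""
    order = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\.\s+(\S+)", line)
        if m:
            order.append((int(m.group(1)), m.group(2).lower()))
    return [name for _, name in sorted(order)]

def winning_route(dest, precedence, routes):
    """Simplified model (assumption): walk route types in precedence order and
    return the first type holding a route that covers dest, preferring the
    longest prefix within that type."""
    ip = ipaddress.ip_address(dest)
    for rtype in precedence:
        matches = [(ipaddress.ip_network(net), via)
                   for net, via in routes.get(rtype, [])
                   if ip in ipaddress.ip_network(net)]
        if matches:
            net, via = max(matches, key=lambda pair: pair[0].prefixlen)
            return rtype, str(net), via
    return None

# Constructed routing state: VPN routes for the two remote subnets in the post,
# plus a hypothetical static route that overlaps only one of them.
ROUTES = {
    "vpn": [("172.17.0.0/24", "ipsec0"), ("172.30.0.8/30", "ipsec0")],
    "static": [("172.17.0.0/16", "PortB")],  # hypothetical route and interface
}

if __name__ == "__main__":
    shown = parse_precedence(SAMPLE_OUTPUT)
    for order in (shown, ["vpn", "static", "sd-wan"]):
        for dest in ("172.17.0.10", "172.30.0.9"):
            print(order[0], "first:", dest, "->", winning_route(dest, order, ROUTES))
```

With static routes ranked first, the constructed static route captures 172.17.0.10 while 172.30.0.9 still resolves to `ipsec0`; with VPN routes ranked first, both destinations resolve to `ipsec0`.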
