Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 1307 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG VPN traffic only working one way direction

Joel Thornton2

Hello,

We have an XG running our primary site with another XG running a secondary. The two have an SSL Site to Site VPN between them.

I have setup the firewall rules to just be allow everything on the VPN on both XGs (for the purposes of testing).

If I go to Site A I can get onto the servers at Site B and everything seems fine - you can ping, browse file shares, RDP etc as expected.

If I go to Site B, I can't connect to the servers at Site A. The DNS resolves via the local server but you can't ping or use any services.

I have done the diagnostics on both XGs and both know to use the tunnel to send the particular IP ranges.

What am I missing - is it a NAT issue? The side with the issue has a lot of NAT rules from a previous IT guy and the upgrade to 17.5 - 18.0. I can start going through these if this is likely to be the problem.

Any suggestions gratefully received.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Joel Thornton2,

    Please create firewall rules from  VPN-LAN and LAN-VPN on each side and keep rules on TOP.

    Please Go to System --->Admininstration --->Device Access and tick mark ping on VPN and LAN Zone on both Sophos XG firewall

    Hope this helps 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Thanks for the tip - already done this though hence posting. Will try again though and check my config

  • 0 in reply to Joel Thornton2

    Hi Joel Thornton2 ,

    Please check the traffic flow with help of tcpdump, drop packet capture from CLI and packet capture from GUI

    console>tcpdump 'host <destination IP> and proto ICMP

    console>drop-packet-capture 'host <destination IP> and proto ICMP

    Please go to MONITOR & ANALYZE--->Diagnostics --->Packet Capture and click on Confiure  and enter : 

    host <destination IP> and proto ICMP

    Please share the logs if possible 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Joel Thornton2

    Hi Joel Thornton2 ,

    Please check the traffic flow with help of tcpdump, drop packet capture from CLI and packet capture from GUI

    console>tcpdump 'host <destination IP> and proto ICMP

    console>drop-packet-capture 'host <destination IP> and proto ICMP

    Please go to MONITOR & ANALYZE--->Diagnostics --->Packet Capture and click on Confiure  and enter : 

    host <destination IP> and proto ICMP

    Please share the logs if possible 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?