IPsec Site-to-Site on XG18 not working

Could you try to create the IPsec route? https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/SiteToSiteVPN/VPNCreateIPsecRouteSiteToSiteIPsecNAT/index.html

Create it from Site A to give Firewall A the route to Network B. 

doesn´t work.. but also its not what I need I think. because I have on both sites the same subnets, they ware NATed to a local-subnet and remote-subnet, using this
https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/SiteToSiteVPN/VPNConfigureSiteToSiteIPsecNAT/index.html

but it´s not working, like it does in the tutorial.. also I have a difference.. in tutorial the get at step 5 the Local Interface IP and Local Gateway IP.. with mine config, I dont get a Local Gateway IP in that windows.. just a "Not Available"

but with VLANs that should work the same way, or not? I setup up the VLANs as a Zone, because I need to seperate them.. maybe thats the point?

Hisuperfun2k22 

Please go to Configure --->Network --->Interface on Both the Firewall and share the interface network configured currently which you want to communicate with IPSec VPN with snapshots.

Also, share the local and remote subnet you have configured on IPSec VPN at Headoffice and Brandoffice IPSec VPN.

Thanks and Regards

VLAN IPs are 11.11.11.1 and .2.. the local networks at branch and HQ are the remote on each others site, so I don´t made a screenshot for all :D
this is a test-area which I set up.. our real network is actually down due to this mis-config.. but it´s technically the same

that all based on this tutorial:

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/SiteToSiteVPN/VPNConfigureSiteToSiteIPsecNAT/index.html

here the firewall-rule.. its the same on both:

Hi superfun2k22

As per the snapshot you have private IP on Port 2 on each side of Sophos XG

I'm suspecting your ISP router is blocking ports for IPSec to work

Have you forwarded ports 500 and 4500 on your upstream router connected on Port 2?

Please check the logs on both  firewall CLI to verify the same : 

console> tcpdump 'port 500 or 4500 

console>show vpn IPSec-logs and share the logs with us 

Tip: make sure you have static Public IP on Sophos XG or DDNS to make IPSec VPN Tunnel up

Thanks and Regards

Hi superfun2k22

As per the snapshot you have private IP on Port 2 on each side of Sophos XG

I'm suspecting your ISP router is blocking ports for IPSec to work

Have you forwarded ports 500 and 4500 on your upstream router connected on Port 2?

Please check the logs on both  firewall CLI to verify the same : 

console> tcpdump 'port 500 or 4500 

console>show vpn IPSec-logs and share the logs with us 

Tip: make sure you have static Public IP on Sophos XG or DDNS to make IPSec VPN Tunnel up

Thanks and Regards