Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 27 subscribers
  • Views 481 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec Tunel

Adem SI

I created IPsec tunel and its all green , but i can't conect to remote server

i have Inbound end outbound rules

but I don't have any connection between the two LAN servers.

So I have to create some static route after having the tunnel stabilized?

or what i have to do



This thread was automatically locked due to age.
  • 0

    What about looking at the other site?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    On otherr site 

    root@recargaki-moz2 MOZ]# traceroute 192.168.30.168
    traceroute to 192.168.30.168 (192.168.30.168), 30 hops max, 60 byte packets
    1 192.168.15.1 (192.168.15.1) 0.488 ms 0.507 ms 0.539 ms
    2 196.40.113.8 (196.40.113.8) 0.321 ms 0.319 ms 0.298 ms
    3 196.40.117.210 (196.40.117.210) 0.228 ms 0.409 ms 0.383 ms
    4 *
    5 *
    6 *
    7 *
    8 *

    o the trace is correct as you can see it matches the policy

  • +1 in reply to Adem SI

    That other site's traceroute does not look correct at all to me.

    Normally you have 2 - 3 hops maximum if using a direct ipsec tunnel from site-to-site.

    Yours seems to go to the WAN.

    But you give too little info here, we would need some kind of network diagramm to help you out.

    No need to hide internal IP, and you could obfuscate the public IP like that: 85.xx.yy.115 for better understanding.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    good.

    We have 2 sites with both a Sophos XG  and Fortigate configered with site-to-site ipsec VPN 

     On both sides we also have 2 firewall rules  VPN to LAN and LAN to VPN with any

    the conection is now estabilshed

    But I can't ping my Lan and I can't ping the remote site either

     Sohpos 

    My Local Gw 41..XX.YY.150

    My local lan 192.168.30.168

    Fortigate

    remote gw 196.XX.YY.218

    remotte lan 192.168.15.3

  • 0 in reply to Adem SI

    Lan should be something like 192.168.30.0 /24, not a /32 ip like 192.168.30.168.

    Same applies to the other side: 192.168.15.3 is not a network, but a single host. That should be 192.168.15.0 /24 or so.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    I don't want the whole network to communicate, just these two servers 30.168 and 15.3

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?