Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 30 subscribers
  • Views 1458 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing Problem

148Points

Hi, i'm facing a little problem i can't solve.

Theres two offices, site A and site B.

Site a has a Sophos XG , site B don't, they go online via an AVM Router (FritzBox). The sites are connectetd via IPSEC VPN from site B's Sophos to site B's AVM Router (FritzBox2).

So on site A theres a host (192.168.1.3)  that need to connect to a public ip via a Connector-Device that sits on site B. We tried adding a route an the host:

"route add 100.102.0.0 mask 255.255.0.0 192.168.137.220" but that didn't do the trick.

If i trace route the IP adress i need to connect to i get:

  1    <1 ms    <1 ms    <1 ms  192.168.1.254
  2    <1 ms    <1 ms    <1 ms  192.168.2.254
  3  p3e9bf07d.dip0.t-ipconnect.de [62.155.240.125]  meldet: Zielnetz nicht erre
ichbar.

So it seems i'm not even reaching the 192.168.137.0 net on site B.

Of course i can ping the Connector-Device on Site B just fine:

Ping wird ausgeführt für 192.168.137.220 mit 32 Bytes Daten:
Antwort von 192.168.137.220: Bytes=32 Zeit=17ms TTL=62
Antwort von 192.168.137.220: Bytes=32 Zeit=15ms TTL=62
Antwort von 192.168.137.220: Bytes=32 Zeit=15ms TTL=62
Antwort von 192.168.137.220: Bytes=32 Zeit=16ms TTL=62

Ping-Statistik für 192.168.137.220:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 15ms, Maximum = 17ms, Mittelwert = 15ms

Do i need to add a route on the Sophos on site A? The important thing is that this route is only valid for the specific host, so no other host in site A would take that way.

I tried painting the situation to make it a little more clear. Feel free to ask if i failed to give sufficient information.

Thank you!



This thread was automatically locked due to age.
Parents
  • 0

    Hello Tobias,

    two things: IP is never "OneWay". Of course you have to have a route back to that host 192.168.1.3 from your other net.

    What your diagram doesn't show is the gateway ip on each of the sites. I understand you have a tranfernet 192.168.2.0/24 between the Sophos XG and the Fritzbox1.

    Could you add those IPs to the diagram? On Fritzbox2 as well?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    Hallo Philipp, thanks for your reply and for your advice. I added the Gateway IPs in the picture.

    Yes, that's a transfer-net between the Sophos and FritzBox1 on Site A.

    Basically, the 192.168.1.0 Network ist the local LAN for the Sophos, with 192.168.1.254 as the Gateway(and Sophos-Interface-)-IP. The the Sophos WAN Interface-IP is 192.168.2.1 and the FritzBox 1 has 192.168.2.254 as it's Interface IP.

    Then on Site B we only have FritzBox2 and 192.168.137.254 as the Gateway for the local LAN.

  • 0 in reply to 148Points

    Hello,

    so the tunnel is defined on both FritzBoxes? And not like in your diagram?

    Otherwise, host 192.168.137.220 would not "see" 192.168.2.254.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    No, the tunnel is only between Sophos and FritzBox2. I'm pretty sure Site B doesn't know about 192.168.2.0/24 but i can't check right now, since i only have acces to hosts on Site A plus the FritzBox on SiteB.

    Will adding the route to 192.168.2.0 to the FritzBox2 help?

Reply
  • 0 in reply to jprusch

    No, the tunnel is only between Sophos and FritzBox2. I'm pretty sure Site B doesn't know about 192.168.2.0/24 but i can't check right now, since i only have acces to hosts on Site A plus the FritzBox on SiteB.

    Will adding the route to 192.168.2.0 to the FritzBox2 help?

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?