
IPsec between XGS and UTM not working - only one-way traffic

We have an XGS (v19) in the head office and a UTM in the branch, which initiates the connection. The tunnel itself is up, firewall rules are in place allowing any to any between the office networks.

Funny thing is, that the traffic from the branch comes through, but the other way around seems broken. I cannot ping unless I add a route via shell ("ipsec_route add"), but if I remember correctly that should not be necessary as the routes should be added automatically on creation of the tunnels.



  • Hi. It may be possible some SD-WAN rule on HO is present for the local LAN (which is a remote network for UTM BO over the VPN) with destination Any and Service Any which is forwarding traffic over SD-WAN for IPsec reply, just because SD-WAN has higher precedence over static and VPN in the HO XG. Tweaking route precedence may help or fix the issue.
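To make the precedence argument in the reply concrete, here is a small model of how an ordered route-precedence list picks the path for the head-office reply traffic. This is an added illustration, not Sophos code: the topology (HO LAN 10.10.0.0/24 behind the XGS, branch LAN 10.20.0.0/24 behind the UTM), the rule shapes and the two precedence orders are constructed assumptions, chosen only to show why an any/any SD-WAN rule evaluated before the VPN route swallows the reply while the branch-to-HO direction still works.

```python
"""Model of ordered route precedence deciding where reply traffic to a VPN
peer's network is sent. Added illustration, not Sophos code; the topology,
rule shapes and precedence orders are assumptions for the walkthrough."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Route:
    kind: str   # "sdwan_policyroute", "static" or "vpn" (the three kinds the reply names)
    src: str    # source network the rule matches, "any" for a wildcard
    dst: str    # destination network the rule matches, "any" for a wildcard
    via: str    # where a matching packet is sent


def _matches(field: str, addr: str) -> bool:
    """A wildcard matches everything; otherwise the address must lie in the network."""
    return field == "any" or ip_address(addr) in ip_network(field)


def select_route(routes, precedence, src, dst):
    """Return the first matching route, trying route *kinds* in precedence order.
    A kind earlier in the list wins even if a later kind has a more specific match,
    which is the behaviour the reply blames for the one-way traffic."""
    for kind in precedence:
        for route in routes:
            if route.kind == kind and _matches(route.src, src) and _matches(route.dst, dst):
                return route
    return None


# Constructed head-office routing table (assumption, not taken from the thread):
HO_ROUTES = [
    # Catch-all SD-WAN rule for the HO LAN: source = local LAN, destination Any, service Any.
    Route("sdwan_policyroute", "10.10.0.0/24", "any", "WAN1"),
    # Route the IPsec tunnel installs for the branch network.
    Route("vpn", "any", "10.20.0.0/24", "ipsec-branch"),
]


def reply_path(precedence, src="10.10.0.5", dst="10.20.0.7"):
    """Where does a HO host's reply to a branch host go under a given precedence order?"""
    route = select_route(HO_ROUTES, precedence, src, dst)
    return route.via if route else "no-route"


if __name__ == "__main__":
    # SD-WAN evaluated first: the any/any rule captures the reply and it leaves via WAN1.
    print("sdwan first:", reply_path(["sdwan_policyroute", "static", "vpn"]))
    # Static and VPN evaluated before SD-WAN: the tunnel route wins and the reply goes back through IPsec.
    print("vpn before sdwan:", reply_path(["static", "vpn", "sdwan_policyroute"]))
```

The branch-to-HO direction is unaffected either way, because packets arriving through the tunnel are delivered to the local LAN without consulting the outbound route order; only the return path is decided by it, which matches the one-way symptom in the question. On the firewall console the current order can be inspected with `system route_precedence show` and reordered with `system route_precedence set ...` (check the command reference for your firmware version before relying on the exact syntax). A narrower SD-WAN rule that excludes the remote VPN network as destination avoids the problem without changing the global order.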
