I'm trying to migrate UTMs to XG. Currently HQ site has UTM.
BO has a new XG (in test currently) and I can get the IPSec to establish and it has the correct SA if I define the same subnets on each side (typical for the old UTM>UTM style IPsec tunnels).
When I define the Subnets on the XG, a grey note appears (see image) that defining routes or a xfrm interface IP is not required (nor can I do either of these anyways).
On the UTM, the route gets added without an issue. However, on the XG, I'm not getting a route for the remote site subnet and traceroute shows the packets going out the WAN interface (not the tunnel interface) and getting timeouts (of course).
I've watched several of the videos and read a few documents but it seems they all differ slightly in recommendations depending on the version the doc was created for.
This thread was automatically locked due to age.
