Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 742 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CONNECTION HQ-BRANCH

Fadi_Hamamdeh

Hi,

I have two sites (HQ and branch), and I have VPN site to site between this sites.In brance site found Mikrotiok after xg firewall.

I can access  from  server in HQ site to Branch site, but i cant access from server in brach site to HQ site.

two firewalls in site SOPHOS XG.

Rule:

in HQ Firewall  -- LAN (192.168.1.0/24) to VPN (20.20.20.0/24) Accept && VPN (20.20.20.0/24) to LAN (192.168.1.0/24) Accept

in Branch Firewall -- LAN (20.20.20.0/24) to VPN (192.168.1.0/24) Accept && VPN (192.168.1.0/24) to LAN (20.20.20.0/24) Accept

in Branch firewall I have static route to reach 192.168.2.0/24 network.

PROBLEM: server (192.168.1.200) can reach to server (192.168.2.200),,,, but server(192.168.2.200) CAN'T reach to server (192.168.1.200)

Regards,



This thread was automatically locked due to age.
Parents
  • +1
    Fadi_Hamamdeh said:
    PROBLEM: server (192.168.1.200) can reach to server (192.168.2.200),,,, but server(192.168.2.200) CAN'T reach to server (192.168.1.200)

    1. Please share packet flow from 192.168.1.200 to 192.168.2.200 under MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on configure Enter BPF string host 192.168.2.200 and proto ICMP

    Share the screenshot 

    From SSH with option 4 check tcpdump 

    console>tcpdump 'host 192.168.2.200 and proto ICMP

    console>dr 'host 192.168.2.200 and proto ICMP

    2. Please share packet flow from 192.168.2.200 to 192.168.1.200 under MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on configure Enter BPF string host 192.168.1.200 and proto ICMP

    From SSH with option 4 check tcpdump 

    console>tcpdump 'host 192.168.1.200 and proto ICMP

    console>dr 'host 192.168.1.200 and proto ICMP

    Please check the packet flow from the Head office and Branch office 

    Share the output with a screenshot

    the issue is with routing your Microtik router 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • +1
    Fadi_Hamamdeh said:
    PROBLEM: server (192.168.1.200) can reach to server (192.168.2.200),,,, but server(192.168.2.200) CAN'T reach to server (192.168.1.200)

    1. Please share packet flow from 192.168.1.200 to 192.168.2.200 under MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on configure Enter BPF string host 192.168.2.200 and proto ICMP

    Share the screenshot 

    From SSH with option 4 check tcpdump 

    console>tcpdump 'host 192.168.2.200 and proto ICMP

    console>dr 'host 192.168.2.200 and proto ICMP

    2. Please share packet flow from 192.168.2.200 to 192.168.1.200 under MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on configure Enter BPF string host 192.168.1.200 and proto ICMP

    From SSH with option 4 check tcpdump 

    console>tcpdump 'host 192.168.1.200 and proto ICMP

    console>dr 'host 192.168.1.200 and proto ICMP

    Please check the packet flow from the Head office and Branch office 

    Share the output with a screenshot

    the issue is with routing your Microtik router 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML