IPSec connection not used

Hi all,

I have an IPSec connection, but packets didn't use it:

XGS2100_RL01_SFOS 19.0.1 MR-1-Build365# ip route show table 220
192.168.192.1 dev ipsec0 scope link src 192.168.179.254

XGS2100_RL01_SFOS 19.0.1 MR-1-Build365# ip route show table all
default via 192.168.178.1 dev Port2 table wanlink1 proto static src 192.168.178.2
prohibit default table wanlink1 proto static metric 1
default via 192.168.178.1 dev Port2 table gw1 proto static
prohibit default table gw1 proto static metric 1
default dev ipsec0 table routeipsec0 scope link
default via 192.168.178.1 dev Port2 table multilink proto static
192.168.192.1 dev ipsec0 table 220 scope link src 192.168.179.254
10.0.0.0/8 via 192.168.92.114 dev Port1 proto zebra
10.0.1.0/24 dev PortMGMT proto kernel scope link src 10.0.1.1 linkdown
172.16.0.0/12 via 192.168.92.114 dev Port1 proto zebra
192.168.0.0/16 via 192.168.92.114 dev Port1 proto zebra
192.168.92.112/28 dev Port1 proto kernel scope link src 192.168.92.113
192.168.178.0/24 dev Port2 proto kernel scope link src 192.168.178.2

But packets use the other LAN port (Port1) and not the IPSec connection:

console> system route_precedence show
Routing Precedence:
1. VPN routes
2. SD-WAN policy routes
3. Static routes
console>


 



  • Hey ,

    Thank you for reaching out to the community. Do you also have the routes added into the IPsec tunnel from the console?
    console> system ipsec_route show

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    If a post solves your question please use the 'Verify Answer' button.

  • No, there are no manually added routes ... why should I? Does route precedence work for these routes only?

    console> system ipsec_route show
    tunnelname host/network netmask

    console>

    I have to create >200 tunnels ... adding these routes manually ... oh no


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
