Route internet traffic across IPSEC

I have the following setup with an IPSEC tunnel between the two Sophos XG firewalls.

Internet traffic from 192.168.1.1 goes out through Internet 1

I want to say that for traffic with a destination of 8.8.8.8, go across the IPSEC tunnel and out through Internet 2 - all other traffic remains on Internet 1

I've tried:

system ipsec_route add host 8.8.8.8 tunnelname <tunnel>

set advanced-firewall sys-traffic-nat add destination 8.8.8.8 snatip 192.168.1.1

Packet capture shows traffic is being sent to the IPSEC tunnel correctly on Sophos (192.168.1.254) but the traffic never arrives at the other end.

What am I missing?

  • Hi Stuart,

    Thank you for reaching out to Sophos Community.

    • Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA for troubleshooting?
    • Verify that firewall rules are created to allow VPN traffic going to WAN and coming back
    • Packet capture from 192.168.2.254 to verify what happened to the packet
  • Yes, I have done all that.

    Firewall rules are all created correctly.

    Packet capture on 192.168.1.254 shows traffic being sent across IPSEC tunnel but packet capture on 192.168.2.254 doesn't see anything.

  • Hey  , can you also check the packet capture on the remote site to see whether the packets are received over the IPsec tunnel? If they are received, are they forwarded to the destination IP, and if the destination IP is receiving them, are any reply packets generated from the destination IP?
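The following console session is an added illustration, not a post from this thread and not Sophos documentation. It strings together the two commands from the original post with the capture commands the replies suggest, so the flow to 8.8.8.8 can be followed stage by stage on both firewalls. The tunnel name stays as the `<tunnel>` placeholder from the post; the remote firewall address 192.168.2.254 and the return-path entries in the last step are assumptions about the topology, not something the thread states.

```console
# --- Local firewall (192.168.1.254), SFOS console ---
# 1. Steer only 8.8.8.8 into the tunnel; all other traffic keeps its normal route (Internet 1).
console> system ipsec_route add host 8.8.8.8 tunnelname <tunnel>
console> system ipsec_route show

# 2. The SNAT entry from the post. Note that sys-traffic-nat only affects traffic the
#    firewall itself originates; traffic from a host behind it is handled by firewall-rule NAT.
console> set advanced-firewall sys-traffic-nat add destination 8.8.8.8 snatip 192.168.1.1
console> show advanced-firewall

# 3. Stage 1, run while pinging 8.8.8.8 from 192.168.1.1: does the packet head towards the
#    tunnel, and is anything dropping it on the way? An empty drop capture here together
#    with no packets at the remote end is a cue to check the IPsec connection's local and
#    remote networks: they must cover 192.168.1.1 -> 8.8.8.8 for the packet to match a
#    security association, whatever the ipsec_route entry says.
console> tcpdump 'host 8.8.8.8'
console> drop-packet-capture 'host 8.8.8.8'

# --- Remote firewall (192.168.2.254, assumed address), SFOS console ---
# 4. Stage 2: does the packet arrive over the tunnel, is it forwarded out of Internet 2,
#    and does a reply from 8.8.8.8 come back in?
console> tcpdump 'host 8.8.8.8'
console> drop-packet-capture 'host 8.8.8.8'

# 5. Return path (assumption, not on the page): the reply addressed to 192.168.1.1 arrives
#    on Internet 2 and must be routed back into the tunnel, and the VPN -> WAN rule on this
#    side must masquerade to the Internet 2 address so the private source never leaves.
console> system ipsec_route add host 192.168.1.1 tunnelname <tunnel>
console> system ipsec_route show
```

Run each capture while test traffic is flowing and compare the two ends: the stage at which 8.8.8.8 disappears from the output is the stage to investigate, and `drop-packet-capture` shows the module that discarded the packet when the firewall itself is the one dropping it.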
