Hello everyone,
I am struggling with a strange problem. In my setup, an XG is supposed to send all internet traffic from a branch office through the central office. For this I have set up an IPsec site-to-site connection. For most of the internet traffic the setup works. However, some sites are unreachable. For example, youtube.com and wikipedia.org are reachable, but nytimes.com, yahoo.com and most Microsoft pages are not.
Setup in the branch office:
In the site-to-site connection, under remote network it says "any".
There is a firewall rule VPN to Central - any service is allowed - no NAT set up
In the central office:
In the site-to-site connection, "any" is under local.
There is a firewall rule VPN to WAN with SNAT - for testing, all security mechanisms (within that rule) are switched off. So no DPI, web proxy or anything else.
I made a packet capture:
Branch office - site reachable:
Head office - site reachable:
Branch office - site not reachable:
head office - site not reachable: