
XG 210 to Fortigate 100C - IPSec Tunnel up, I am unable to pass traffic across tunnel

I am working with my first Sophos devices and am running into a problem passing traffic over an established IPSec VPN tunnel.

I have a VPN tunnel established between Site A (Sophos XG210) and Site B (Fortigate 100c). I created a static route for the remote LAN at Site B on the XG Firewall, which is 10.20.0.0/24 on Port 2, and then configured a static route for the Site A remote LAN (10.5.0.0/24) on the Fortigate. I have 2 rules in place at each site, at the top of the policy list. Sophos has LAN All->VPN All and VPN All->LAN All, and on the Fortigate side LAN All->VPN All and VPN All->LAN All. The IPsec connection on the XG Firewall has a Local Subnet of Site A (10.5.0.0/24) and a Remote Subnet of Site B (10.20.0.0/24). I cannot figure out why I cannot pass any traffic over the tunnel in either direction. Any help would be greatly appreciated!



  • I have determined, through a packet capture of an ICMP request, that traffic from the Fortigate is getting to the XG Firewall over the IPsec tunnel; however, the XG Firewall is not routing, or is dropping, the traffic destined for the internal LAN.
  • With help from Sophos level 2 support, we were able to resolve the issue. Using SHA256 encryption was the culprit, so using SHA1 fixed the problem (supposedly a known issue). As I noted previously, an SNAT rule was required/added; it is not required, so it was also removed.
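The thread's troubleshooting touched four things that have to agree before a site-to-site IPsec tunnel carries traffic: the phase-2 selectors (local/remote subnets) must be mirror images on the two peers, each peer needs a route for the remote subnet toward the tunnel, both firewalls need accept rules in both directions between LAN and VPN, and the two peers must share at least one phase-2 proposal (cipher, integrity algorithm, PFS group). The script below is an added example, not Sophos or Fortinet code and not taken from the poster's devices: it runs those checks over two constructed config dicts. The subnets mirror the ones named in the post; the proposal values, interface names and rule tuples are assumptions, and the route check assumes a route-based setup where a route for the remote subnet points at a tunnel interface. The sample deliberately gives Site A sha256 and Site B sha1 so that the proposal check is the one finding reported.

```python
"""Added example: consistency checks over two site-to-site IPsec configs.
Not vendor code; the configs are constructed (subnets from the thread,
everything else assumed)."""
from copy import deepcopy
from ipaddress import ip_network


def net(s):
    """Normalise a CIDR string so '10.5.0.0/24' compares equal however it is spelt."""
    return ip_network(s, strict=True)


# Constructed sample configs (assumed values, not exported from real devices).
SITE_A = {
    "name": "Site A (XG 210)",
    "local": ["10.5.0.0/24"],
    "remote": ["10.20.0.0/24"],
    "phase2": [{"enc": "aes256", "auth": "sha256", "pfs": "modp2048"}],
    "routes": {"10.20.0.0/24": "ipsec0"},       # remote subnet -> egress interface
    "tunnel_if": "ipsec0",
    "rules": [("LAN", "VPN", "accept"), ("VPN", "LAN", "accept")],
}
SITE_B = {
    "name": "Site B (FortiGate 100C)",
    "local": ["10.20.0.0/24"],
    "remote": ["10.5.0.0/24"],
    "phase2": [{"enc": "aes256", "auth": "sha1", "pfs": "modp2048"}],
    "routes": {"10.5.0.0/24": "vpn-to-siteA"},
    "tunnel_if": "vpn-to-siteA",
    "rules": [("LAN", "VPN", "accept"), ("VPN", "LAN", "accept")],
}


def selectors_mirror(a, b):
    """A's local subnets must be B's remote subnets and vice versa."""
    return ({net(x) for x in a["local"]} == {net(x) for x in b["remote"]}
            and {net(x) for x in a["remote"]} == {net(x) for x in b["local"]})


def common_proposals(a, b):
    """Phase-2 proposals offered by both peers (exact match on enc/auth/pfs)."""
    key = lambda p: (p["enc"], p["auth"], p["pfs"])
    offered_by_b = {key(p) for p in b["phase2"]}
    return [p for p in a["phase2"] if key(p) in offered_by_b]


def missing_routes(site):
    """Remote subnets with no route via this site's tunnel interface."""
    routes = {net(k): v for k, v in site["routes"].items()}
    return [r for r in site["remote"] if routes.get(net(r)) != site["tunnel_if"]]


def missing_rules(site):
    """Both LAN->VPN and VPN->LAN need an accept rule."""
    accepted = {(s, d) for s, d, action in site["rules"] if action == "accept"}
    return [pair for pair in (("LAN", "VPN"), ("VPN", "LAN")) if pair not in accepted]


def check_tunnel(a, b):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not selectors_mirror(a, b):
        findings.append("phase-2 selectors are not mirror images of each other")
    if not common_proposals(a, b):
        findings.append("no phase-2 proposal is common to both peers "
                        f"(A offers {a['phase2']}, B offers {b['phase2']})")
    for site in (a, b):
        for r in missing_routes(site):
            findings.append(f"{site['name']}: no route to {r} via {site['tunnel_if']}")
        for s, d in missing_rules(site):
            findings.append(f"{site['name']}: no accept rule {s} -> {d}")
    return findings


def with_auth(site, auth):
    """Copy of a site config with every phase-2 integrity algorithm replaced."""
    copy = deepcopy(site)
    for p in copy["phase2"]:
        p["auth"] = auth
    return copy


if __name__ == "__main__":
    for line in check_tunnel(SITE_A, SITE_B) or ["all checks passed"]:
        print(line)
```

Run as-is it reports the single proposal mismatch; `check_tunnel(SITE_A, with_auth(SITE_B, "sha256"))` returns no findings, as does aligning Site A to sha1 instead. The check only says that the two sides disagree, not which side should change; a packet capture like the one in the thread is still the way to tell whether traffic is arriving but being dropped after decryption.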
