IPsec Site to Site VPN - Ping one way, but not other

Hi,

I have two XG210s, both identical in terms of firmware.

Tunnel is up and running fine, both ends report link up.

Site A firewall and client PC can ping Site B firewall and client. To make the client respond to pings, there is a VPN to LAN policy. TraceRt completes fine.

Site B firewall and client cannot ping Site A firewall or client (same VPN to LAN policy as above). TraceRt only goes 1 hop to the Site B firewall.

I am sure it is something simple I am missing, but I just can't figure out why, with identical setups, I can only ping one way.

Thanks.



  • Thanks Luk.

    Policy is the same on both ends.

    I haven't done what's in method 2 on that link yet. Having read it though, I am not sure I have explained the problem well enough as that doesn't appear to be my issue.

    What I don't understand is how Site A can ping the XG at Site B, but Site B cannot ping the XG at Site A. Whilst I have gone one stage further and have a client at A pinging the XG and a client at B, I just don't understand why B can't see A.

    Both sides are set up for all intents and purposes the same.

    Rich.