
VM in Azure - Sophos Site to Site with UTM

Hi,

XG is up in Azure, now we want to connect On-prem UTM with Site-to-site to XG in Azure.

We don't want to use Azure Site-to-site; we want to connect Sophos with Sophos and then have Site-to-site, but we are having some trouble.

The IPSec tunnel is up from Azure to the On-prem site, but there is no data flow.

Is that an issue with Azure, as you do not have a route for internal ranges and you cannot put Internet Next-hop? Has anyone had the same issues?

Currently, I don't have any experience with Azure.



  • Idriel,

    Did you create the proper firewall rule?

    Is pinging a device working?

    Give us more information.

    Thanks

  • I have only two rules,

    One is LAN to WAN with MASQ.

    Second one is LAN, VPN to LAN, VPN -> Any Service Allow, NO MASQ.

     

    Ping from Azure XG to On-prem UTM LAN IP does not work.

    Ping from On-prem UTM to Azure XG LAN NIC = Works?

    Ping from On-prem UTM to Azure Server does not work (ping from XG to Azure servers works).

  • On XG, make sure to enable ping on the VPN zone under Administration > device access.

    What is the output of a traceroute?

    Share the results.

    Thanks

  • VPN Ping already enabled.

     

    No Traceroute in Azure, only * * * * *

    traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 46 byte packets
     1  *  *  *
     2  *  *  *
     3  *  *  *
     4  *  *  *
     5  *  *  *
     6  *  *  *
     7  *  *  *
     8  *  *  *
     9  *  *  *
    10  *  *  *
    11  *  *  *
    12  *  *  *
    13  *  *  *
    14  *  *  *
    15  *  *  *
    16  *  *  *
    17  *  *  *
    18  *  *  *
    19  *  *  *
    20  *  *  *
    21  *  *  *
    22  *  *  *
    23  *  *  *
    24  *  *  *
    25  *  *  *
    26  *  *  *
    27  *  *  *
    28  *  *  *
    29  *  *  *
    30  *  *  *