This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Authentication server can't be reached across IP Sec Tunnel

I currently have two Sophos XG firewalls. with an IP Sec tunnel between the two. An Active Directory server (server A) on one side of the tunnel can talk with another Active Directory server (server B) on the other side of the tunnel. The XG on the same side of the tunnel as server A can use Active Directory authentication for authenticating VPN users. This is using the AD on server A. However, the other Sophos XG is not able to talk to Server A for active directory authentication. I am however able to ping from server B across to server A.

Any thoughts on this? Thanks

This thread was automatically locked due to age.

0 lferrara over 8 years ago

Nate,

did you have a look at this KB?

https://community.sophos.com/kb/en-us/123334

Verify that you can telnet to 389 from your computer to AD server in the other site. Check Windows Firewall.

Use tcpdump "port 389" from XG console and check how the traffic is flowing.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 StefanoColombo over 6 years ago in reply to lferrara

Hi

I've got a question regarding this solution .

in the command

system ipsec_route add host <IP Address of host> tunnelname <tunnel>

since we have a failover group for the tunnel , should we use the failover group name as tunnel name ? Does it work ?

thanks
Cancel
Vote Up 0 Vote Down

Cancel