Branches office cannot communicate thought Ipsec of head office

Question

Hi, 
 We are 2 branches office and one Headquarter. 
 
 BO1-------Ipsec------HQ------Ipec-----BO2 
 
 Connexions between BOs and HQ are fine ( ping/share...ect) but I cannot ping any computer from BO1 to BO2 or BO2 to BO1. 
 On Ipsec setup of HQ, Network from each BO are in local subnet. And each place have Firewall rules : VPN to Lan and Lan to VPN 
 Do I missing something? 
 
 thanks for your help,

Samps · Accepted Answer

And It works! 
 
 Thanks a lot, 
 
 Regards,

lferrara · Answer

Samps, 
 rewrite source address is not needed on those rules. For routing internet traffic from branch office to HQ, uhm....you can create a firewall rule VPN to WAN (MASQ on) and additionally, you need to change the remote network on branch office to any and on HQ the local network to any. https://community.sophos.com/kb/en-us/115661 It is for UTM9 but you can see the changes required or: https://kb.cyberoam.com/default.asp?id=2617 
 Regards

lferrara · Answer

So if I understood correctly, ssl vpn for remote users, correct? 
 If this is the case, create an above firewall rule where source is vpn but source network is the ip-range leased by the XG vpn ssl component. You can find the leased ip from vpn > show vpn settings>ssl 
 Regards

lferrara · Answer

Samps, 
 clone this rule but change the LAN to WAN and enable Masq. 
 It should work! 
 Regards

lferrara · Answer

Samps, 
 use a traceroute from each branch office to understand where the traffic goes. If it go through internet, you have to add a static route on each branch office that uses the IPSec as gateway or interface. 
 Regards