This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No Connection through an Site2Site tunnel with IPSec

Good Morning,

i set up an IPSec Tunnel between two SG230 a year ago.
Since 4 days now, the tunnel is still established, there is no traffic going through the tunnel. Everything looks good so far until i try to geht access to the other network.
In the log of the firewall, i see the allowed packages (From the sIte where i start the request).
I already set up a new one with automatic firewall rules on both sites, but got still the same problem.

Both Device has the Firmware: .9707-5

This thread was automatically locked due to age.

Top Replies

NicoM over 3 years ago in reply to dirkkotte +1

Manchmal ist es doch einfacher als gedacht... NAT-T war auf einer der FW noch nie aktiv. Nach dem anschalten waren der Tunnel auch wieder nutzbar

Parents

0 dirkkotte over 3 years ago

Are there changes within routing ?
Try a traceroute from both locations to the far site.
Results?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dirkkotte over 3 years ago

Are there changes within routing ?
Try a traceroute from both locations to the far site.
Results?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 NicoM over 3 years ago in reply to dirkkotte

Hi Dirk,

thanks for your reply. Nothing has changed.
If i have a look at the cli. I'm able to see outgoing traffic with the right source and destination, on both sides. But there is no incomming traffic.
Traceroute stops at the local Gateway of the Firewall...
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkkotte over 3 years ago in reply to NicoM

"Traceroute stops at the local Gateway of the Firewall..."

Within Traceroute can you see the def.GW of the UTM? If the traffic goes though the tunnel, you should not see the UTM-def. GW

(or do you see the UTM itself ... the def. GW of this LAN segment)
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkkotte over 3 years ago in reply to dirkkotte

Hallo Nico,

nochmal meine Frage auf Deutsch (ich hatte komplett übersehen, dass wir im deutschen Forum sind).

Wenn du traceroute "durch den Tunnel" imitierst, siehst du dann auch noch die IP, welche die UTM als default Gateway nutzt?

Das würde bedeuten, dass die Traffic nicht in den Tunnel geht, sondern daran vorbei.
Cancel
Vote Up 0 Vote Down

Cancel
0 NicoM over 3 years ago in reply to dirkkotte

HI Dirk,

Meine Antwort wurde nicht gesendet. Diese sehe ich nicht.
Mit dem Befehl den Balfson habe festgestellt das die Pakete in den Tunnel gehen.
Cancel
Vote Up 0 Vote Down

Cancel