site-to-site ipsec vpn routing

Hi,

Please provide a detailed network plan and further details from your VPN & NAT configuration.

Check / post routing tables at booth sides.

Otherwise it is hard to help.

Sophos network

wan ip: 100.100.100.101

local ip: 192.168.48.1

LAN: 192.168.48.0

VPN IPSEC. Locale network 192.168.48.0/24, remote gateway 200.200.200.202 and LAN 192.168.5.0, NAT-Traversal checked,

Route: no static route 

masquarade - 192.168.5.0 to Uplink interface (tried without this rule)

Mikrotik network

wan ip: 200.200.200.202

local ip: 192.168.5.1

LAN: 192.168.5.0

NAT: masquarade srcnat and first rule accept srcnat src 192.168.5.0/24 dst 192.168.48.24

firewall accept any to any

Static Route: 192.168.48.0 Gateway LAN (if WAN I can't ping anything) Without this route also can't ping enything

VPN IPSEC, state established. Can ping 192.168.48.1 from mikrotik router and local PC (192.168.5.10)

Repeated the same settings on other Sophos router. Spent 4 min and VPN works fine and can ping both local networks. Will try to find problem in this router ((

Repeated the same settings on other Sophos router. Spent 4 min and VPN works fine and can ping both local networks. Will try to find problem in this router ((

I compared all settings between 2 sophos routers. SG105W(work) VS SG210(not work). I can't find problem. How I can dump traffic on this routers ? Maybe some other options to find problem?

you may use TCPDUMP from shell to capture traffice and wireshark to check the file.

next option is to export the configuration from SG105 and import to SG210. Add the correct Sg210 license afterwards.

Create a backup from SG210 before.

PS: Do you select "bind tunnel to local interface"? Try deselecting this option.

Fixed it.

I changed my network 192.168.5.0 on mikrotik to 10.0.10.0

Network 192.168.5.0 conflicted with settings on sophos. I missed this.

Thanks to all for the answers.