IPSEC VPN Tunnel up, but no route to host

Hi all,

We have a problem with a VPN tunnel to a data center. The tunnel itself is up and running; however, the VPN log shows the error message "No route to Host".
The network we're trying to reach is public, i.e. there's no private network behind the datacenter's gateway. Tunnel status shows SA: 10.43.1.0/24=82.123.73.11  61.244.224.254=61.244.224.0/24. I suspect our Astaro is routing all requests from the DC through our internet gateway instead of the VPN.

Correct me if I'm wrong. If not, what do I need to configure for proper routing?

Thanks
Marco


This thread was automatically locked due to age.
  • Hi, Marco, and welcome to the User BB!

    Please post pictures of your Tunnel Status, IPsec Connection and Remote Gateway for this VPN.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    thanks for your reply, here are the requested screenshots plus the IPSEC live log:

    2013:01:30-10:48:16 utm pluto[3382]: "S_Amadeus"[166] 62.245.225.254 #24675: Dead Peer Detection (RFC 3706) enabled
    2013:01:30-10:48:16 utm pluto[3382]: "S_Amadeus"[166] 62.245.225.254 #24675: sent MR3, ISAKMP SA established
    2013:01:30-10:48:16 utm pluto[3382]: "S_Amadeus"[166] 62.245.225.254 #24676: responding to Quick Mode
    2013:01:30-10:48:16 utm pluto[3382]: "S_Arcos"[10] 87.234.56.59 #24677: responding to Quick Mode
    2013:01:30-10:48:16 utm pluto[3382]: "S_Amadeus"[166] 62.245.225.254 #24676: IPsec SA established {ESP=>0x4fa804d4 0x19b6cc50 
  • I don't think it is possible to have the same subnet for the LAN and for the VPN-Gateway.

    Astaro wants to route and can't do so with this setup.
  • 62.245.225.254 is in 61.244.224.0/24, so I wonder, like GMF, if that's a problem.  Best Guess is that they are NATting on the other side to a VPN server on a different IP - that would cause the VPN ID to be wrong, and you would need to change your Remote Gateway definition.

    Can you get more detail from the data center?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
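
The condition raised in the last two replies, a VPN gateway address that lies inside the subnet the same SA protects, can be checked directly from the Tunnel Status string. This is an added example, not code from the thread or from Sophos; the function names are hypothetical, and the `net=gateway  gateway=net` field layout is assumed from the string quoted in the opening post.

```python
import ipaddress
import re

# Tunnel Status string exactly as quoted in the opening post.
SA_LINE = "SA: 10.43.1.0/24=82.123.73.11  61.244.224.254=61.244.224.0/24"

# Assumed layout: <local net>=<local gateway>  <remote gateway>=<remote net>
SA_RE = re.compile(
    r"SA:\s*(?P<lnet>[^=\s]+)=(?P<lgw>[^=\s]+)\s+(?P<rgw>[^=\s]+)=(?P<rnet>[^=\s]+)"
)


def parse_sa(line):
    """Split a Tunnel Status SA string into networks and gateway addresses."""
    m = SA_RE.search(line)
    if m is None:
        raise ValueError("not an SA status string: %r" % line)
    return {
        "local_net": ipaddress.ip_network(m["lnet"], strict=False),
        "local_gw": ipaddress.ip_address(m["lgw"]),
        "remote_gw": ipaddress.ip_address(m["rgw"]),
        "remote_net": ipaddress.ip_network(m["rnet"], strict=False),
    }


def overlapping_sides(sa):
    """Return the sides ("local", "remote") whose gateway address falls
    inside the subnet that the SA itself is meant to carry."""
    sides = []
    if sa["local_gw"] in sa["local_net"]:
        sides.append("local")
    if sa["remote_gw"] in sa["remote_net"]:
        sides.append("remote")
    return sides


if __name__ == "__main__":
    sa = parse_sa(SA_LINE)
    for side in overlapping_sides(sa):
        print("%s gateway %s is inside %s" % (side, sa[side + "_gw"], sa[side + "_net"]))
```
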