
UTM can't communicate through tunnel

I have a strange problem where all communication through the IPSec tunnel works but the UTM on one side cannot communicate with any machines on the other side of the tunnel. It is like the UTM doesn't know its own routes and tries to talk through the default gateway instead of through the tunnel.

Are there any specific rules/routing that I have to set up to let the UTM communicate with the machines on the other side of the tunnel?


This thread was automatically locked due to age.
  • Ah, it's the UTM itself that cannot communicate over the tunnel. I have actually never tried that and for myself this doesn't make sense, because it's the systems protected by the UTM that need to communicate with other ends of tunnels.

    I'm not sure if you actually should (or even want) to put the WAN IPs also in the tunnel.

    Perhaps you could have the UTM send its ping from its own Internal interface instead of not selecting the interface.

    Just checked this myself and had my UTM ping a device behind a tunnel: with just PING IP the UTM selected an interface that wasn't part of the tunnel; with PING -I interface remote_IP the ping did go into the tunnel.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
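
Added example, not part of the original thread: a small Python model of why the source address decides whether gateway-originated traffic enters a policy-based IPsec tunnel, as the reply above observed with PING -I. It assumes the tunnel is defined by local/remote network selectors; all addresses, names and the selector list are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelSelector:
    """One local-network/remote-network pair negotiated for the tunnel."""
    local_net: ipaddress.IPv4Network
    remote_net: ipaddress.IPv4Network


def matching_selector(src, dst, selectors):
    """Return the selector a packet (src -> dst) matches, or None.

    A packet is protected by the tunnel only if BOTH its source lies in a
    selector's local network and its destination in the remote network.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for sel in selectors:
        if s in sel.local_net and d in sel.remote_net:
            return sel
    return None


def usable_sources(own_addresses, dst, selectors):
    """Of the gateway's own interface addresses, list those whose traffic
    to dst would match a tunnel selector (candidates for ping -I)."""
    return [name for name, addr in own_addresses.items()
            if matching_selector(addr, dst, selectors) is not None]


# Constructed sample data (hypothetical networks and addresses).
SELECTORS = [TunnelSelector(ipaddress.ip_network("192.168.10.0/24"),
                            ipaddress.ip_network("192.168.20.0/24"))]
GATEWAY_ADDRESSES = {"external": "203.0.113.10",   # WAN, default route
                     "internal": "192.168.10.1"}   # LAN side of the tunnel
REMOTE_HOST = "192.168.20.50"

if __name__ == "__main__":
    for name, addr in GATEWAY_ADDRESSES.items():
        hit = matching_selector(addr, REMOTE_HOST, SELECTORS)
        verdict = "enters tunnel" if hit else "no selector match, leaves unencrypted via routing table"
        print(f"source {name} ({addr}) -> {REMOTE_HOST}: {verdict}")
    print("usable source interfaces:",
          usable_sources(GATEWAY_ADDRESSES, REMOTE_HOST, SELECTORS))
```

Run against the real local and remote networks of a tunnel, `usable_sources` shows which of the gateway's own interfaces can be selected as the ping source for the traffic to match.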
