IpSec VPN - can't access NAS

Hi, 
Just got started with Sophos UTMs.
Implemented an IPsec tunnel between two UTM9-110/120.
No errors in the UTM GUI. I can ping the IPs on the other side.
An IP-scan-tool gives a list of discovered IPs.

I want to access the management interface of a NAS (115.115.101.20).
No luck with that [:S]

Site A: 192.168.1.0/24 (the site I'm on)
Site B: 115.115.101.0/24

What is this newbie missing?
Grtz, M.


This thread was automatically locked due to age.
  • Hi,

    Did you check "auto firewall rule" or create firewall rules manually?

    What do the firewall and IPS logs show?

    Barry
  • Also, if you're using transparent web filtering you may find your luck in excepting these IPs from transparent filtering.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hi,
    "auto firewall rule" is ON.
    I did disable web filtering on both UTMs --> no result.
    I have some manual firewall rules. All for outgoing traffic.
    Created one to allow all traffic from "any" going to "any" for "any" services --> this works if created on UTM site B.
    When created on Site A --> no result
    So it seems the auto rules are not enough. Or....... Network definition not correct. YES!
    Bind it under advanced settings to an interface. nOOps.
    Thx for your help.
  • Created one to allow all traffic from "any" going to "any" for "any" services --> this works if created on UTM site B.
    When created on Site A --> no result


    Rules allowing the traffic have to be created on both routers. It's not sufficient to create a rule on one router only.
  • Rule was created for troubleshooting only. It overruled the "auto rules" that come with the IPsec VPN. Gateway used wrong network definition, that caused the problem.
  • ... Network definition not correct. YES!
    Bind it under advanced settings to an interface. nOOps.


    Hi, I'm not sure if you're saying the definition was bound by accident to an interface and you've removed that, or if you've added a binding.

    Anyways, it's rare that one should bind a def to an interface.

    Barry
  • Hi, Marcus, and welcome to the User BB!

    In fact, the automatic rules have precedence over manually-created ones.  Consider the https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065, especially #2 and #3.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'll try to explain it further, as a newbie.
    I used a faulty "network" definition in the field "remote networks" of the "Remote Gateway" I used for the "IPsec Connection". The "network definition" (under the "advanced tab") I bound to an interface. Result: no traffic possible over the tunnel.
    The rule I created for troubleshooting did make traffic possible over the tunnel.

    When > was selected it worked as it should.

    Does my best try make any sense?
  • Great!  Glad you found the problem.

    Cheers - Bob