I have IPSEC Site-To-Site VPN working fine from internal network to internal network. Hosts can reach each other with no problem, but the UTMs themselves cannot reach a host on the other side, only each other. I have confirmed this with ping, tracert, and DNS on the Support: Tools tab.
Example: I need UTM A (which is running the SMTP proxy) to be able to reach a PDC host on the other side of the VPN, not just UTM B, so that DNS request routing to the PDC can work and emails from hosts on the UTM A side do not get blocked by the Strict rDNS checks which I have now committed to using. I know I can add the hosts to an Exception List under the Email Protection: SMTP: Exceptions tab, but I would rather it just work, or at the very least understand why it won't.
The Automatic Firewall rules are attached, and I would think that a UTM itself would match the rule because it is, after all, an address within the network, but no joy because, presumably, the UTM's Internal Address is part of the tunnel.
I tried adding Internal (Address) to the firewall rules, but no luck.
The IPSEC Site-To-Site VPNs are:
192.168.1.0/24=96.254.x.94 96.252.x.46=192.168.100.0/24
and
192.168.100.0/24=96.252.x.46 96.254.x.94=192.168.1.0/24
respectively.
Can anyone think of why this does not work and what is required to make it work? It seems everything is possible with Sophos; how is what will make your head explode sometimes.
Any help appreciated.
Thanks in advance,
HTG