IPSec VPN

Hello,

I have a challenge with our NATted Site-Site IPSec VPN setup. The problem is that users cannot access the internet when the VPN connection is on, but can access resources on the remote site. Our firewall is a CR25iNG. The network admin managing the remote site says our LAN IPs are supposed to be NATted (or PATted) on our firewall towards the IPSec tunnel so that users can connect to the remote site through the tunnel without any further configuration on their PCs, and that I have to configure the firewall so that when an IP from our LAN tries to reach the remote subnets the IP is translated to the static IP they gave me, with the firewall policy through the IPSec tunnel. Now I have already done this but it doesn't seem to change anything. Have I missed something?

Thanks,

Jasper



  • Hi  

    Depending on what OS your CR25iNG is running, I would advise moving your thread over to the XG or Cyberoam community group.

    In regards to your question, would it be possible to share how your IPsec tunnel is configured and how the firewall rule is set up for LAN to VPN access?

    Thanks,


    Florentino
    Director, Global Community & Digital Support

  • Dear FloSupport,

    Thank you for your reply, I think I figured out what the problem is:

    1. On the IPsec Config page, when I set the remote LAN to Any the VPN connection seems to work but my users can't access the internet, which means all traffic is being sent to the tunnel and internet traffic has been restricted.

    2. On the same page, when I set the subnets we want to access, the VPN doesn't work, which leads me to think that the problem may be on the remote site, so I will speak to the Net admin on the other side to provide a way forward.

    Thanks again FloSupport,

    Jasper.

  • Hi  

    Thank you for following up and providing your investigation results.

    You mention that after configuring the IPsec tunnel to the remote LAN subnets you want to access, the VPN doesn't work. Does the tunnel still establish? Or are clients not able to successfully connect to these remote resources?

    Make sure that your IPsec policies/configuration are matching on both sides. Also, take a look at the IPsec logs (charon.log) as they may provide more hints to help you.

    Regards,


    Florentino
    Director, Global Community & Digital Support

  • Dear FloSupport,

    Thank you again for your reply. The answer to your question is no, the tunnel does not establish when I set the remote subnets (172.x.x.0) and users cannot access resources on the remote site, but can access the internet. When I set the remote LAN network to ANY, connection to the VPN is established and users can access resources on the remote site but now they cannot access anything on the internet, and this is my second problem.

    Regards,

    Jasper.
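
The two checks discussed in this thread, as an added Python example that is not from any poster or from Sophos/Cyberoam: which destinations a remote-network setting pulls into the tunnel, and whether the two peers' local/remote networks mirror each other. All addresses (192.0.2.10 as the NAT IP, 172.16.10.0/24 as the remote subnet, 192.168.1.0/24 as the LAN) and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
NAT_IP = "192.0.2.10/32"        # static IP the LAN is translated to
REMOTE_LAN = "172.16.10.0/24"   # subnet behind the remote peer
LOCAL_LAN = "192.168.1.0/24"    # local LAN before NAT

# Each side's tunnel definition: networks it calls "local" and "remote".
REMOTE_PEER = {"local": [REMOTE_LAN], "remote": [NAT_IP]}
OURS_ANY = {"local": [NAT_IP], "remote": ["0.0.0.0/0"]}
OURS_SPECIFIC = {"local": [NAT_IP], "remote": [REMOTE_LAN]}
OURS_UNNATTED = {"local": [LOCAL_LAN], "remote": [REMOTE_LAN]}


def routed_into_tunnel(dst, remote_networks):
    """True if a packet to dst falls inside the tunnel's remote networks."""
    ip = ipaddress.ip_address(dst)
    return any(ip in ipaddress.ip_network(n) for n in remote_networks)


def selector_differences(ours, theirs):
    """List where the peers do not mirror each other.

    Our local networks should equal their remote networks and vice versa.
    An empty list means the two definitions match.
    """
    diffs = []
    for mine, yours in (("local", "remote"), ("remote", "local")):
        a = {ipaddress.ip_network(n) for n in ours[mine]}
        b = {ipaddress.ip_network(n) for n in theirs[yours]}
        if a != b:
            diffs.append(f"our {mine} {sorted(map(str, a))} != "
                         f"their {yours} {sorted(map(str, b))}")
    return diffs


if __name__ == "__main__":
    internet_host = "198.51.100.7"  # constructed stand-in for an internet address
    for name, cfg in (("remote=Any", OURS_ANY), ("remote=subnet", OURS_SPECIFIC)):
        print(name, "-> internet traffic enters tunnel:",
              routed_into_tunnel(internet_host, cfg["remote"]))
    for name, cfg in (("NATted local", OURS_SPECIFIC), ("un-NATted local", OURS_UNNATTED)):
        print(name, "-> differences:", selector_differences(cfg, REMOTE_PEER) or "none")
```

A difference reported here is a point to raise with the remote administrator; whether the peer accepts it depends on its own policy.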

  • Hi FloSupport,

    I would like to know which IKE version the CR25iNG - 10.6.6 MR3 supports by default: is it v1 or v2?

    Thanks,

    Jasper
