
Web traffic over IPsec tunnel NAT

I am having a very strange problem with a 3rd party app communicating through my Sophos if they are coming through an IPsec tunnel. I don't know if this belongs in the IPsec discussion group, the web filtering group, or here, because it includes parts of all three.

The 3rd party program runs on handheld units that have a cellular connection and a wifi connection. It communicates back to a hosted server on the internet over HTTPS. The devices are on a private subnet while they are on the cellular network, which is routed back to my Sophos UTM through an IPsec tunnel. While they are at one of my locations they are on wifi, which uses an internal interface on my Sophos as the gateway.

The problem is that they cannot transfer information while on the IPsec tunnel, but they can while they are on my local wifi. The IPsec tunnel is set to route all traffic (0.0.0.0) to the Sophos and works fine for everything else I have been able to test. For the 3rd party app to work on my local wifi I did have to disable transparent mode web proxy for traffic with a destination of the hosted IP address, but it still doesn't work over the IPsec tunnel.

I have tried SNAT, DNAT, and NAT masquerading rules, and have a rule to allow all traffic from my local network and my remote IPsec network to the hosted IP, but it still will not work over the IPsec tunnel. The truly odd part is that the program has a test it runs to see if it has connectivity over HTTPS to the hosted server, and that returns good on both my local network and the remote network. It was that test working, combined with the failure of the actual use of the program, that had me disable transparent proxy for the hosted IP address, because the web proxy logs said it was allowing everything. When I got that part working I assumed the problem on the remote network would resolve itself, but it didn't. Their test connectivity function works, but it fails to actually transfer any data when in production.

The software vendors have confirmed that the test is just a check to see if the port is open and it can get a response, and have said that any errors after that point would probably have to do with my firewall or web proxy; however, I have told it to skip transparent mode proxy for that traffic and do not see anything in the logs while I am trying to get it working.

What other modules or parts could possibly be causing trouble with HTTPS traffic between a device on an IPsec tunnel that is routing the traffic through my Sophos UTM and out to the internet? I cannot find anything in any of the logs to indicate a problem or that the traffic is being intercepted.

Any help on what to check would be appreciated.

Thanks



  • Hi, Adam, and welcome to the UTM Community!

    In addition to the Web Filtering log, did you do #1 in Rulz?

    It's not clear to me what you've done to try to get the traffic to transit the IPsec tunnel or what the non-UTM endpoint/s is/are.  How about a picture of your SNAT and one of the IPsec Connection - or is this IPsec Remote Access from each device?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA