ipsec vpn issue on utm 9


hi, i have some vlan in my network and create a ethernet vlan on utm interface facing to my lan  for each vlan

as a Gateway of each vlan

and since 3 weeks i set up an ipsec s2s with 2 partners one is using ASA the other one is using Cisco ISR as vpn Gateway the tunnel is up on both side, and it is green on the UTM, the remote lan over ASA or Cisco ISR can ping my LAN but from my LAN (over the UTM) i cannot ping them (both)

i Always get a destination host unreachable from the utm interface linked to the LAN which the gateway

i use Sophos sg  210, and made a update toward 9.605-1 of the firmware

  • Hi,

    noone of you never face to that issue?

    anybody cannt help me?

  • In reply to cheikh ka:

    Hi and welcome to the UTM Community!

    Please show us pictures of the Edits of the IPsec Connection and Remote Gateway.  Also of the 'Site-to-site VPN Tunnel Status' with all details showing.  Obfuscate IPs like 98.x.y37, 172.2x.y.17, 192.168.x.27.

    Cheers - Bob 

  • In reply to BAlfson:


    i can not show you tunnel details cause i am not at my office today

    but be sure the status of the tunnel is green and mention SA is etablished

    i dont understand what do you mean by "Obfuscate IPs like 98.x.y37, 172.2x.y.17, 192.168.x.27" ??

    you mean by that to avoid using those IP's, to not use IP's like those (those are public IP's =98.x.y37, 172.2x.y.17, and this is private IP's = 192.168.x.27")

    accord to that i should not use those public IP's to UTM wan interface facing to internet

    and i should not use this private to my LAN or to UTM interface facing to my LAN?

    i can now give you info that my UTM Wan IP start by 41.x.x.x and my LAN is Something like  192.168.x.x/24 and UTM IP interface linked to this LAN is 192.168.x.x 

    and one of Partner with whom i am setting up the S2S is also using IP like this 192.168.y.y/32 and the other use IP's like10.x.x.x


    Be sur everything is OK on how i set up the ipsec s2s tunnel, the set the Policy at the first time, and after that the remote Gateway and at the end the connection

    i enable the auto firewall

    waiting for news