
site-to-site ipsec vpn routing

Hi all.

I have a VPN IPsec tunnel between a Sophos SG105 and a Mikrotik. I can ping the Sophos from the Mikrotik and the Mikrotik from the Sophos. But I can't ping any LAN IP in either network.

All networks use NAT. What did I miss?



  • Hi,

    Please provide a detailed network plan and further details from your VPN & NAT configuration.

    Check / post routing tables at both sides.

    Otherwise it is hard to help.

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Sophos network

    wan ip: 100.100.100.101

    local ip: 192.168.48.1

    LAN: 192.168.48.0

    VPN IPsec. Local network 192.168.48.0/24, remote gateway 200.200.200.202 and LAN 192.168.5.0, NAT-Traversal checked,

    Route: no static route 

    masquerade - 192.168.5.0 to Uplink interface (tried without this rule)

     

    Mikrotik network

    wan ip: 200.200.200.202

    local ip: 192.168.5.1

    LAN: 192.168.5.0

    NAT: masquerade srcnat and first rule accept srcnat src 192.168.5.0/24 dst 192.168.48.24

    firewall accept any to any

    Static Route: 192.168.48.0 Gateway LAN (if WAN, I can't ping anything). Without this route I also can't ping anything.

    VPN IPSEC, state established. Can ping 192.168.48.1 from mikrotik router and local PC (192.168.5.10)

     

  • Repeated the same settings on another Sophos router. Spent 4 min and the VPN works fine and I can ping both local networks. Will try to find the problem in this router ((

  • I compared all settings between the 2 Sophos routers: SG105W (works) vs SG210 (does not work). I can't find the problem. How can I dump traffic on these routers? Maybe there are some other options to find the problem?

  • Pryvit Maks,

    Does #2 in Rulz (last updated 2019-04-17) help you with this ping issue?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi. Checked all from #2. Nothing ((

  • You may use tcpdump from the shell to capture traffic and Wireshark to check the file.

    The next option is to export the configuration from the SG105 and import it to the SG210. Add the correct SG210 license afterwards.

    Create a backup from SG210 before.

     

    PS: Do you select "bind tunnel to local interface"? Try deselecting this option.


    Dirk


  • Fixed it.

    I changed my network 192.168.5.0 on mikrotik to 10.0.10.0

    Network 192.168.5.0 conflicted with settings on sophos. I missed this.

    Thanks to all for the answers.
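
The fix above came down to the remote LAN 192.168.5.0 overlapping something already defined on the Sophos. As an added example (not part of the original thread), this Python check compares a tunnel's remote network against the networks a gateway already knows; the definition names, the uplink prefix and the "leftover" 192.168.5.0/24 entry are constructed, since the thread does not say which Sophos setting conflicted.

```python
import ipaddress

# Constructed sample: networks already defined on the gateway that did not work.
# Names and the leftover entry are hypothetical, not taken from the thread.
SG210_DEFS = {
    "Internal (LAN)": "192.168.48.1/24",
    "Uplink (WAN)": "100.100.100.101/32",
    "Leftover network (hypothetical)": "192.168.5.0/24",
}


def find_conflicts(tunnel_remote, local_defs):
    """Return (name, network, relation) for each local definition that
    overlaps the remote network of a planned IPsec tunnel."""
    remote = ipaddress.ip_network(tunnel_remote, strict=False)
    hits = []
    for name, cidr in local_defs.items():
        # strict=False lets an interface address such as 192.168.48.1/24
        # be read as its network, 192.168.48.0/24.
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != remote.version or not net.overlaps(remote):
            continue
        if net == remote:
            relation = "identical"
        elif remote.subnet_of(net):
            relation = "local definition contains remote"
        else:
            # Two overlapping, unequal networks are always nested.
            relation = "remote contains local definition"
        hits.append((name, str(net), relation))
    return hits


if __name__ == "__main__":
    # Original remote LAN from the thread, then the renumbered one.
    for candidate in ("192.168.5.0/24", "10.0.10.0/24"):
        conflicts = find_conflicts(candidate, SG210_DEFS)
        print(candidate, "->", conflicts or "no overlap")
```

Any hit means the gateway may treat the remote LAN as local or route it elsewhere, so traffic for that range never enters the tunnel even though the tunnel itself shows as established.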