IPsec Tunnel Routing Problem


I am having an issue connecting (even pinging) remote hosts on the other side of a site-to-site IPsec VPN tunnel.  I can't seem to troubleshoot it, even though everything was working fine a month ago.

Here's the setup:  <> - <UTM A> ===tunnel===<UTM B>-<>

Both Sophos UTMs are completely up to date.  Using pre-shared key.  UTM A is initiating.  The tunnel looks fine (establishes fine, says it's up/green under site-to-site), and I can access the webadmin for both UTM A and B from (so some stuff is going through the tunnel just fine).

I can ping (the UTM) from, but any other host is "destination unreachable".  Tracert to is fine, but tracert to fails (and I know the host is up).

I thought the IPsec settings took care of all the routing, so I don't have any static routes or masquerading or NAT set up...it should just work, no?  It did previously!

Anyone know how to troubleshoot?  How would I check the routing tables in UTM B?  Why are packets getting lost on their way from, say, to
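One way to structure that troubleshooting, as an added example that is not part of the original post and not Sophos UTM code: a small Python model of the checks in the order the question raises them (is the tunnel established, do its local/remote networks, i.e. the traffic selectors, actually cover the source and destination being pinged, and does the peer gateway answer through the tunnel while a LAN host behind it does not). The tunnel definition, addresses (RFC 5737 documentation ranges) and ping results are constructed for the example; the verdict strings are my own labels, not UTM output.

```python
# Added example, not from the original post: classify where traffic to a
# remote host is being lost for a site-to-site IPsec tunnel.
# All networks, addresses and probe results below are constructed.
import ipaddress


def selector_covers(tunnel, src, dst):
    """True if the tunnel's local/remote networks (its traffic selectors)
    cover a packet from src to dst.  A packet outside the selectors is
    never sent through the tunnel, however healthy the tunnel is."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    local_ok = any(s in ipaddress.ip_network(n) for n in tunnel["local_networks"])
    remote_ok = any(d in ipaddress.ip_network(n) for n in tunnel["remote_networks"])
    return local_ok and remote_ok


def diagnose(tunnel, src, dst, gateway_reachable, host_reachable):
    """Return a verdict for one destination, checking the cheap and
    broad causes before the narrow ones."""
    if not tunnel["established"]:
        return "tunnel down"            # IKE/IPsec SAs not up: nothing else matters
    if not selector_covers(tunnel, src, dst):
        return "selector mismatch"      # traffic is not tunnelled at all
    if not gateway_reachable:
        return "gateway unreachable"    # tunnel up, but peer drops/blocks it
    if not host_reachable:
        return "far-side lan"           # peer answers, host behind it does not
    return "ok"


def diagnose_probes(tunnel, src, gateway, probes):
    """probes maps destination -> ping succeeded.  The peer gateway's own
    result is used as the 'is the tunnel actually passing traffic' check
    for every other destination."""
    gw_ok = probes.get(gateway, False)
    return {
        dst: diagnose(tunnel, src, dst, gw_ok, ok)
        for dst, ok in probes.items()
        if dst != gateway
    }


# Constructed sample: site A LAN 192.0.2.0/24, site B LAN 198.51.100.0/24,
# UTM B's LAN address 198.51.100.1.  The gateway pings, a LAN host does
# not, and one destination lies outside the tunnel's selectors entirely.
TUNNEL = {
    "established": True,
    "local_networks": ["192.0.2.0/24"],
    "remote_networks": ["198.51.100.0/24"],
}
SRC = "192.0.2.10"
GATEWAY = "198.51.100.1"
PROBES = {"198.51.100.1": True, "198.51.100.50": False, "203.0.113.7": False}


if __name__ == "__main__":
    for dst, verdict in diagnose_probes(TUNNEL, SRC, GATEWAY, PROBES).items():
        print(f"{dst}: {verdict}")
```

With the sample data the LAN host comes back as "far-side lan" (the peer gateway answers through the tunnel, so encryption, firewall rules and routing up to the gateway are working and the problem is on the remote LAN), while the out-of-selector address is flagged as "selector mismatch", which is the case to check first whenever a host was never reachable rather than recently lost.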




  • Additional info that I think may be helpful:

    1) I checked the Rulz - I think I am good.  Tried turning off IPS just in case, didn't seem to do anything.

    2) I had "create automatic firewall rules" checked on both sides, and confirmed in webadmin that "any" rules should allow traffic for anything through the tunnel.

    3) Any other ideas?

  • In reply to garpace:

    Problem solved!  Just so happens all the hosts I "knew" were up were on a dead switch at the remote site.