IPsec Tunnel Routing Problem

Hi.

I am having an issue connecting (even pinging) remote hosts on the other side of a site-to-site IPsec VPN tunnel.  I can't seem to troubleshoot it, even though everything was working fine a month ago.

Here's the setup:  <192.168.1.0/24> - <UTM A> ===tunnel===<UTM B>-<192.168.30.0/24>

Both Sophos UTMs are completely up to date.  Using pre-shared key.  UTM A is initiating.  The tunnel looks fine (establishes fine, shows as up/green under Site-to-site), and I can access the webadmin for both UTM A and B from 192.168.1.0 (so some stuff is going through the tunnel just fine).

I can ping 192.168.30.1 (the UTM) from 192.168.1.0/24, but any other host is "destination unreachable".  Tracert to 192.168.30.1 is fine, but tracert to 192.168.30.14 fails (and I know the host is up).

I thought the IPsec settings took care of all the routing, so I don't have any static routes or masquerading or NAT set up...it should just work, no?  It did previously!

Anyone know how to troubleshoot?  How would I check the routing tables in UTM B?  Why are packets getting lost on their way from, say, 192.168.1.10 to 192.168.30.14?

  • Additional info that I think may be helpful:

    1) I checked the Rulz - think I am good.  Tried turning off IPS just in case, didn't seem to do anything.

    2) I had "create automatic firewall rules" checked on both sides, and confirmed in webadmin that "any" rules should allow traffic for anything through the tunnel.

    3) Any other ideas?

  • In reply to garpace:

    Problem solved!  Just so happens all the hosts I "knew" were up were on a dead switch at the remote site.
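The checks the poster asked for (which policies and routes UTM B actually has for the far subnet, and whether the LAN host behind it answers at layer 2), as an added example that is not part of this thread and not Sophos code. It assumes shell access to the UTM, which is Linux, so the standard `ip xfrm policy`, `ip route get` and `ip neigh` commands are available (run as root for the xfrm policy table). The two functions parse command output fed on stdin, so the embedded sample output (constructed for this example, with documentation-range public addresses, not captured from the poster's UTMs) lets the script run anywhere; `sh check_tunnel.sh run` on the UTM runs the live commands against the 192.168.1.10 and 192.168.30.14 hosts from the thread. A tunnel being "up" only means IKE and the SAs exist; the selectors still have to cover both hosts in both directions, and a FAILED/INCOMPLETE neighbour entry is what a dead switch or port on the far LAN looks like from the gateway.

```shell
#!/bin/sh
# Added example for troubleshooting "tunnel up, far gateway pings, far hosts don't".
# Not from the thread or from Sophos; assumes a Linux gateway with iproute2.
set -u

# xfrm_covers DIR SRC_HOST DST_HOST  < output of `ip xfrm policy`
# Succeeds if some policy with "dir DIR" has src/dst selectors containing the
# two hosts (CIDR containment, so a /16 selector covering a /24 still passes).
xfrm_covers() {
  awk -v want="$1" -v sh="$2" -v dh="$3" '
    function toint(ip,  o) { split(ip, o, "."); return ((o[1]*256+o[2])*256+o[3])*256+o[4] }
    function inside(cidr, host,  p, bits, size) {
      split(cidr, p, "/"); bits = (p[2] == "") ? 32 : p[2]
      size = 2 ^ (32 - bits)                      # hosts per block of this prefix length
      return int(toint(p[1]) / size) == int(toint(host) / size)
    }
    /^src / { s = $2; d = $4 }                     # selector line precedes its "dir" line
    /^[ \t]*dir / && $2 == want && inside(s, sh) && inside(d, dh) {
      print "covered: dir " $2 " src " s " dst " d; found = 1; exit }
    END { exit !found }'
}

# neigh_state HOST  < output of `ip neigh`
# Prints the neighbour state; exit 0 if a MAC was learned (host answered ARP),
# 1 if the entry is FAILED/INCOMPLETE (no L2 reply), 2 if there is no entry.
neigh_state() {
  awk -v h="$1" '
    $1 == h { found = 1; st = $NF; mac = ""
              for (i = 1; i <= NF; i++) if ($i == "lladdr") mac = $(i + 1)
              rc = (mac != "") ? 0 : 1 }
    END { if (!found) { print "no-entry"; exit 2 }
          print (rc == 0 ? "l2-ok " st " " mac : "no-l2-reply " st); exit rc }'
}

# Constructed sample in the format `ip xfrm policy` prints (public IPs are
# documentation addresses): an "in" and an "out" policy for the thread's subnets.
SAMPLE_POLICY='src 192.168.1.0/24 dst 192.168.30.0/24
    dir in priority 1859 ptype main
    tmpl src 203.0.113.1 dst 198.51.100.1
        proto esp reqid 1 mode tunnel
src 192.168.30.0/24 dst 192.168.1.0/24
    dir out priority 1859 ptype main
    tmpl src 198.51.100.1 dst 203.0.113.1
        proto esp reqid 1 mode tunnel'

# Constructed sample of `ip neigh`: .20 answered ARP, .14 and .15 never did.
SAMPLE_NEIGH='192.168.30.20 dev eth1 lladdr 52:54:00:12:34:56 REACHABLE
192.168.30.14 dev eth1  FAILED
192.168.30.15 dev eth1  INCOMPLETE'

# Live checks, meant to be run on UTM B as root with hosts from the thread.
live_check() {
  src=192.168.1.10; dst=192.168.30.14
  echo "# 1. policy selectors: a green tunnel still needs both directions to cover the hosts"
  ip xfrm policy | xfrm_covers in  "$src" "$dst" || echo "NO inbound policy for $src -> $dst"
  ip xfrm policy | xfrm_covers out "$dst" "$src" || echo "NO outbound policy for $dst -> $src"
  echo "# 2. route the reply from the LAN host would take (answers the routing-table question)"
  ip route get "$src"
  echo "# 3. layer 2 on the LAN side: a dead switch/port leaves the entry FAILED or INCOMPLETE"
  ping -c 1 -W 1 "$dst" >/dev/null 2>&1 || true      # populates the neighbour table
  ip neigh show to "$dst" | neigh_state "$dst" || echo "$dst is not answering ARP on the LAN"
}

case "${1:-}" in
  run)  live_check ;;
  demo) printf '%s\n' "$SAMPLE_POLICY" | xfrm_covers in 192.168.1.10 192.168.30.14
        printf '%s\n' "$SAMPLE_NEIGH"  | neigh_state 192.168.30.14 || true ;;
esac
```

Step 3 is the one that would have pointed at the dead switch in this thread: the UTM can forward the packet out its LAN interface, but with no ARP reply the kernel answers "destination unreachable" and the neighbour entry stays FAILED, while 192.168.30.1 (the UTM itself) keeps answering because it never needs the switch.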