Though the question has been asked many times, I've set up the IPSec Tunnel (Site2Site) between Sophos XG105 (SFOS 17.0.6 MR-6) and Cyberoam with 16.5 MR.
The tunnel is up and Active, but the internal IPs at both ends are not reachable. I can ping from Sophos to internal IPs of Sophos end and similarly from Cyberoam to Internal IPs of Cyberoam end.
Also, I've configured Static route for Internal subnets of opposite ends on both Sophos & Cyberoam.
Please check the firewall; you must allow the internal IPs at both firewalls through each other.
Hope it can help you.
In reply to Huy Vu:
Firewall rules are set for LAN to VPN & VPN to LAN with the respective subnets.
In reply to Ajay Sharma1:
Please send the live log of the VPN here. I think we can find the issues together.
Please refer to this article: https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v170-beta/f/sfos-v170-beta-issues-bugs/98065/site-to-site-vpn-connectivity-issue-between-sophos-xg-16-05-6-mr-6-firmware-and-17-0-0_ga-sfw-80
Some issues will occur if you connect VPN IPSec with SFOS v17 and v16.5.
In Administration | Device Access | VPN | check if PING is selected. Verify the network subnets are defined properly in the IPSec policy on both ends.
Check #1.1 in my troubleshooting guide and see if the traffic is passed through the IPSec tunnel. PM me a screenshot to see the packet communication.
In reply to sachingurung:
Sachin, please move this thread to the proper XG forum.
Cheers - Bob
In reply to BAlfson:
Bob, I have moved the thread.
Ajay Sharma1 I have moved it in the XG group's VPN forum to get more attention.
I've tried re-configuration of the tunnel, static routes, even policy routes, but to no avail.
When I trace from any of the ends, the packets get lost after 5-8 hops. I feel like contacting my ISPs, as at both ends we have different providers.
Also, have I mentioned that one end is Cyberoam with 10.6.6 and Sophos XG 105 with 17.0.6 MR-6? Could this be a reason for no traffic? Policies I'm using.
If you did a packet capture as I suggested in my previous response, did you see the traffic flow from/to the IPSec interface of both firewalls? If yes, then you must get your ISPs to investigate the issue further.