
Site-to-Site VPN cannot access XG on remote site using normal 4444 port.

I have set up an IPsec VPN between 2 sites (Site A 192.168.99.x, Site B 192.168.1.x).

The VPN works fine and I can access servers on SITE B from SITE A via RDP connections using local IPs.

However, if I try to access the XG device at SITE B (https://192.168.1.3:4444) from SITE A, it will not connect. I have also found that other connections on SITE B are also not found, including the Sophos Firewall Manager device (hardware). I can ping these devices with no problem from SITE A -> SITE B - very strange?

 

Running ( XG210 (SFOS 17.1.1 MR-1) )



  • Following this thread. I have the exact same issue occurring only when connected via IPsec tunnel. Everything else within the subnet (192.168.1.0/24) works fine. I can ping the router no problem, and just was able to SSH to it as well. DNS and access to both the client portal and the admin portal do not work. 

     

    If I connect via a remote-access SSL VPN (OpenVPN) I can access everything without any trouble. I'm thinking this has to be a bug of some sort.

  • It is a simple MTU size issue. The packets are too large and XG is dropping them.

    The workaround will fix this, if you want to. You need to apply it on your connected IPsec tunnel device. 


  • I just gave it a go and it worked for a few minutes before failing.

    It did not fix the issue. I thought it had worked, but I was accessing the client-portal via the WWW and not over the IPsec tunnel. I should point out that everything else works as it should - AFP/SMB fileshares, web hosts on the local network, etc. I can ping the Sophos XG, but that's it. Any services hosted on the XG (such as DNS) are inaccessible over the IPsec tunnel. 

  • Wait a moment - the workaround just fixes the Webadmin / User Portal.

    Everything else should work fine. 

    Can you post your device access page? 
