
IPsec Site to Site

Has anyone set up an IPSEC Site to Site VPN yet? I have everything set and am connecting (even though it will only connect 1 network and not all, but that's a different issue) to the remote firewall. Everything shows green in Settings/VPN/IPsec. However, I noticed the automatic firewall rule has been removed from the VPN setup. So I'm not able to communicate across the tunnel (mainly printing) and am guessing I need to put in a firewall rule to allow that communication to the remote network and vice-versa. Can anyone help out with what that rule should be?

Thanks



  • Would you be so kind as to confirm what the policy looked like?

    I have successfully got an IPsec VPN running in terms of connecting, but it's not passing traffic. I can't ping either end from the boxes.

    I have the following.

    Thanks.

    Identity - match rule based on user ID, = off

    Source

    Zone = LAN and VPN

    Networks = Any

    Services = Any

    Schedule = All the time

    Destination

    Zone = LAN and VPN

    Networks = Any

    Services = Any

    Schedule = All the time

    Action = accept

    Everything else is standard or off.

    Sophos XG Certified Administrator

  • Basically that's what my setup is. Except I have two separate policies for traffic going to the VPN and coming from the VPN. Instead of Source Zone LAN and VPN I use Source Zone LAN, Destination Zone VPN, then another policy Source Zone VPN, Destination Zone LAN.