

New problem with IPsec tunnels: I can only reach 2 out of 4 remote networks?

OK, so I eventually managed to get all my IPsec site-to-site connections connecting. I have 4 connections; 2 use the 1st policy and another 2 use a 2nd policy. But I cannot access 2 of the VPNs' remote networks, and it's not the VPNs using 1 policy: the 2 VPNs with issues both use different policies. I have checked and double-checked that I have the same settings at each end, and I do. But still I am unable to reach 2 out of 4 remote networks.

When I use the remote route tool they all use the same route, so in theory they should work; also I have added all 4 remote LANs to a firewall rule.

Just to give you more info, the 4 VPNs are from 2 clients, so 2 connect to Sophos UTMs and 2 connect to DrayTek 2925s. So I have 1 VPN that connects to a UTM that works and 1 from a 2925 that works; because the 2 VPNs that don't work are connecting to the same 2 devices, I was able to copy the UTM and 2925 VPN settings, so in theory the last 2 VPNs should have worked, but as I say they connect but I cannot reach the remote networks.

Any ideas?

Thanks

JK



This thread was automatically locked due to age.
  • There are discrete possibilities as to what could have been the problem, and what I would do to fix the issue:

    1. Re-verify the local and remote networks in the IPsec tunnels that are not working. The most common reason is that the object you defined has the wrong netmask.

    2. LAN to VPN and VPN to LAN rules: please make sure whether you have by chance created an explicit rule set rather than a generic rule set, and please check that you have defined the rules for LAN to VPN and VPN to LAN.

    3. Check if the remote networks are colliding with any of the directly connected networks of the XG firewall.

    4. Check if you have a static route by mistake.

    5. And make sure there are NO IPsec routes on the CLI.
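The five checks in the reply above all come down to whether the address objects line up: a netmask typed wrong, a remote network that collides with a directly connected one, a static route that swallows a remote network, or two tunnels claiming the same remote space. As an added example (not code from the thread, from Sophos or from DrayTek), the script below runs those checks over a constructed four-tunnel table with the same 2-of-4 shape as the problem. Every tunnel name, interface, address and route in it is hypothetical.

```python
"""Sanity checks for site-to-site IPsec network definitions.

Added example for this thread; it is not code from Sophos, DrayTek or the
poster. It models the checks in the reply above on a constructed tunnel table:
  1. a network object with host bits set (wrong netmask),
  2. a remote network colliding with a directly connected network,
  3. a static route that overlaps a remote network,
  4. two tunnels claiming overlapping remote networks.
All tunnel names, interfaces, addresses and routes below are hypothetical.
"""
import ipaddress


def parse_net(text):
    """Parse a CIDR string strictly.

    '192.168.1.1/24' has host bits set and is almost always a mistyped
    network object, so it is returned normalised together with a warning
    instead of being silently accepted.
    """
    try:
        return ipaddress.ip_network(text, strict=True), None
    except ValueError:
        loose = ipaddress.ip_network(text, strict=False)
        return loose, f"{text} has host bits set; did you mean {loose}?"


def check_tunnels(tunnels, connected, static_routes):
    """Return a list of findings (strings prefixed 'tunnel/side:').

    tunnels:       {name: {"local": [cidr, ...], "remote": [cidr, ...]}}
    connected:     {interface: cidr} directly connected networks of the firewall
    static_routes: {cidr: next_hop} static routes configured on the firewall
    An empty list means none of the checks fired. IPv4 only.
    """
    findings = []
    conn = {ifn: ipaddress.ip_network(c) for ifn, c in connected.items()}
    routes = {ipaddress.ip_network(r): nh for r, nh in static_routes.items()}
    claimed = {}  # remote network -> tunnel that already routes to it

    for name, cfg in tunnels.items():
        for side in ("local", "remote"):
            for text in cfg[side]:
                net, warn = parse_net(text)
                if warn:
                    findings.append(f"{name}/{side}: {warn}")
                if side == "local":
                    # the local side should be a network the firewall really has
                    if not any(net.overlaps(c) for c in conn.values()):
                        findings.append(
                            f"{name}/local: {net} is not a directly connected network")
                    continue
                # remote networks must not collide with anything directly connected
                for ifn, c in conn.items():
                    if net.overlaps(c):
                        findings.append(
                            f"{name}/remote: {net} collides with {c} on {ifn}")
                # a second tunnel claiming the same remote space: only one can win
                for other, owner in claimed.items():
                    if owner != name and net.overlaps(other):
                        findings.append(
                            f"{name}/remote: {net} overlaps {other} already routed to {owner}")
                claimed[net] = name
                # a static route covering the remote network diverts traffic from the tunnel
                for r, nh in routes.items():
                    if net.overlaps(r):
                        findings.append(
                            f"{name}/remote: static route {r} via {nh} overlaps {net}")
    return findings


def tunnels_with_findings(findings):
    """Tunnel names that produced at least one finding, sorted."""
    return sorted({f.split("/", 1)[0] for f in findings})


# Constructed sample: four tunnels to two sites, two of which are broken,
# mirroring the 2-of-4 shape of the problem. Hypothetical values throughout.
SAMPLE_TUNNELS = {
    "ClientA-UTM-1":  {"local": ["10.10.0.0/24"], "remote": ["192.168.10.0/24"]},
    "ClientA-UTM-2":  {"local": ["10.10.0.0/24"], "remote": ["192.168.1.1/24"]},
    "ClientB-2925-1": {"local": ["10.10.0.0/24"], "remote": ["192.168.20.0/24"]},
    "ClientB-2925-2": {"local": ["10.10.0.0/24"], "remote": ["10.10.0.0/24"]},
}
SAMPLE_CONNECTED = {"Port1": "10.10.0.0/24", "Port2": "203.0.113.0/30"}
SAMPLE_STATIC_ROUTES = {"192.168.1.0/24": "10.10.0.254"}

if __name__ == "__main__":
    for finding in check_tunnels(SAMPLE_TUNNELS, SAMPLE_CONNECTED, SAMPLE_STATIC_ROUTES):
        print(finding)
```

On the sample table the script reports three findings, all against the two "-2" tunnels: the mistyped 192.168.1.1/24 object, the static route that overlaps it, and the remote network that is the firewall's own LAN. The script does not talk to the firewall; feed it what the VPN, interface and static-route pages show, and check step 5 of the reply separately with `system ipsec_route show` on the SFOS console.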
  • OK, so I am sure that the local and remote networks are correct, and the rules I set up are the same ones; I just add the new remote network in the VPN destination.

    To check collisions, I disabled all other VPNs to try the ones with the issues one at a time (I have no idea if this is right when you mention collisions). But still I can't reach the remote networks in question.

    It's bugging me, as I'm concentrating on the client with the 2 DrayTek 2925s. I have made sure the setups are identical except the networks, but still one works and one doesn't??

    I so miss the live logs that I had in UTM. When using the diagnostic tools in XG I can see that both VPNs use the same remote routes; is that right? Should they not be different? They both go through the WAN port and via a router IP that must be a virtual interface, as it's not my actual WAN IP, yet it must be correct as one VPN works through it.

    I've tried recreating the VPNs at both ends several times now, but I just can't get it to work. I've been careful to make the VPNs identical except the remote networks: one is 192.168.1.0/24 and one is 192.168.1.0/24. That's the only difference between the VPN connections. But still I can reach remote hosts on only one?

    This is so bugging me now.

    Any more ideas?

    Thanks

    JK

    CompKickers

