I'm new to Sophos XG and have a newly deployed XG as a VM that replaced Untangle.
I have an IKEv2 VPN server set up on a Linux VM behind the XG, running under Docker. A port forwarding rule has been deployed to allow external connections to the IKEv2 server, and clients can connect without issue. I also added a static route (VPN NET via the Linux VM as the gateway) so internal hosts can ping the VPN subnet without issue. However, VPN clients can't access any LAN hosts besides the VPN host and the LAN gateway.
I've tried adding firewall rules to allow both directions between VPN and LAN, but still no luck. I can see that all of the ICMP packets were dropped when pinging from VPN to LAN (Invalid Traffic - Denied - Source: LAN IP, Dest: VPN IP).
Firewall rules are:
1. LAN TO VPN
SOURCE: LAN, VPN NET (10.0.2.0/24), DEST: LAN, INTRANET (10.0.1.0/24), ANY SERVICES, ACCEPT
2. VPN TO LAN
SOURCE: LAN, INTRANET (10.0.1.0/24), DEST: LAN, VPN NET (10.0.2.0/24), ANY SERVICES, ACCEPT
Please let me know what I am missing.
Thanks,
S.
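Added example (not part of the original post, and not an official Sophos or strongSwan tool): a small routing-path model that reproduces the symptom described above under one assumption, namely that the "Invalid Traffic" drops are asymmetric routing. The request from a VPN client is forwarded by the Linux VPN host straight onto the LAN, so the XG never sees it; the LAN host's reply goes to its default gateway, the XG, which then follows the static route for 10.0.2.0/24 back to the VPN host. A stateful firewall that sees only the reply half of a flow logs it as invalid, which matches "Source: LAN IP, Dest: VPN IP" being the denied direction. All host addresses (10.0.1.1 for the XG, 10.0.1.10 for the VPN host, 10.0.1.20 for a LAN host, 10.0.2.5 for a client) are assumed; only the two /24s come from the post. The model also shows the two usual remedies as assumptions to test, not as a confirmed fix: a route for 10.0.2.0/24 via the VPN host on each LAN host, or masquerading VPN clients behind the VPN host's LAN address.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    addrs: set              # addresses this node owns
    routes: list            # (prefix, next_hop); next_hop None = directly connected
    stateful: bool = False  # stateful firewall: a reply with no matching state is "Invalid Traffic"
    masq: tuple = None      # (source_prefix, rewrite_to_ip): masquerade traffic from that prefix


def owner(nodes, ip):
    """Node that owns address ip (the model has no unowned addresses)."""
    return next(n for n in nodes.values() if ip in n.addrs)


def lookup(node, dst):
    """Longest-prefix match over node.routes; returns (network, next_hop) or None."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in node.routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def trace(nodes, start, dst_ip, max_hops=8):
    """Names of the nodes a packet to dst_ip traverses, starting at node `start`."""
    path, cur = [start], nodes[start]
    for _ in range(max_hops):
        if dst_ip in cur.addrs:
            return path
        r = lookup(cur, dst_ip)
        if r is None:
            raise RuntimeError(f"{cur.name}: no route to {dst_ip}")
        cur = owner(nodes, r[1] or dst_ip)   # next hop, or deliver directly
        path.append(cur.name)
    raise RuntimeError("routing loop")


def flow_check(nodes, client, client_ip, server, server_ip):
    """Trace request and reply; report stateful nodes that see only the reply."""
    fwd = trace(nodes, client, server_ip)
    # The reply is addressed to whatever source the server saw: the client itself,
    # or the masquerading router's address if a router on the forward path rewrote it.
    nat = next((nodes[n] for n in fwd if nodes[n].masq
                and ipaddress.ip_address(client_ip) in ipaddress.ip_network(nodes[n].masq[0])), None)
    if nat:
        rev = trace(nodes, server, nat.masq[1]) + trace(nodes, nat.name, client_ip)[1:]
    else:
        rev = trace(nodes, server, client_ip)
    invalid_at = [n for n in rev if nodes[n].stateful and n not in fwd]
    return {"forward": fwd, "reverse": rev, "invalid_at": invalid_at}


def build(lan_host_route=False, masquerade=False):
    """Constructed topology; addresses are assumptions, only the two /24s are from the post."""
    lan_routes = [("10.0.1.0/24", None), ("0.0.0.0/0", "10.0.1.1")]
    if lan_host_route:                       # candidate fix 1: LAN hosts route VPN NET via the VPN host
        lan_routes.insert(0, ("10.0.2.0/24", "10.0.1.10"))
    nodes = [
        # XG: LAN default gateway, static route for VPN NET via the Linux VM, stateful
        Node("XG", {"10.0.1.1"}, [("10.0.1.0/24", None), ("10.0.2.0/24", "10.0.1.10")], stateful=True),
        # Linux VPN host; the IKEv2 tunnel is modelled as a directly connected link (10.0.2.1)
        Node("vpnhost", {"10.0.1.10", "10.0.2.1"},
             [("10.0.1.0/24", None), ("10.0.2.0/24", None), ("0.0.0.0/0", "10.0.1.1")],
             masq=("10.0.2.0/24", "10.0.1.10") if masquerade else None),  # candidate fix 2
        Node("lanhost", {"10.0.1.20"}, lan_routes),
        Node("client", {"10.0.2.5"}, [("0.0.0.0/0", "10.0.2.1")]),
    ]
    return {n.name: n for n in nodes}


if __name__ == "__main__":
    for label, kw in [("as posted", {}), ("LAN host route", {"lan_host_route": True}),
                      ("masquerade on VPN host", {"masquerade": True})]:
        print(label, flow_check(build(**kw), "client", "10.0.2.5", "lanhost", "10.0.1.20"))
```

Running the script prints the request path, the reply path and the list of stateful hops that saw only the reply; in the "as posted" topology that list is the XG, in both variants it is empty. Whether the live setup matches the model is easy to check on the Linux VM: if `ip route get 10.0.1.20` from the VPN host picks the LAN interface directly (rather than the XG) and no masquerade rule exists for the 10.0.2.0/24 source, the XG is only ever seeing the LAN-to-VPN half of each ping.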