
IKEv2 VPN behind XG unable to access to LAN

   Hi All

I'm new to Sophos XG and have a newly deployed XG as a VM that replaced Untangle.

I have an IKEv2 VPN server set up under Docker on a Linux VM behind the XG. A port forwarding rule has been deployed to allow external connections to the IKEv2 server, and clients can connect without issue. I also added a static route (VPN NET via the Linux VM as the gateway) so internal hosts can ping the VPN subnet without issue. However, the VPN client can't access any LAN hosts besides the VPN host and the LAN gateway.

I've tried adding firewall rules to allow both directions between VPN and LAN, but still no luck. I can see that all of the ICMP packets are dropped when pinging from VPN to LAN (Invalid Traffic - Denied - Source: LAN IP, Dest: VPN IP).


Firewall rules are:

1. LAN TO VPN

SOURCE: LAN, VPN NET (10.0.2.0/24), DEST: LAN, INTRANET (10.0.1.0/24), ANY SERVICES, ACCEPT

2. VPN TO LAN

SOURCE: LAN, INTRANET (10.0.1.0/24), DEST: LAN, VPN NET (10.0.2.0/24), ANY SERVICES, ACCEPT


Please let me know what I am missing.

Thanks,


S.
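The topology in the post can be modelled to see which path each direction of a ping actually takes, and therefore what the XG's stateful inspection gets to see. The script below is an added example, not the poster's configuration or anything from Sophos: it assumes the IKEv2 VM sits on the 10.0.1.0/24 LAN segment, that the XG carries the static route for 10.0.2.0/24 via that VM, and that an ordinary LAN host has only a default route via the XG. All host addresses (10.0.1.1, 10.0.1.10, 10.0.1.50, 10.0.2.5) are constructed. It traces an echo request from the VPN client and the reply from the LAN host hop by hop; the request is delivered inside the LAN without touching the XG, while the reply is sent to the XG, which has no matching flow and logs a drop of the form quoted in the post. A second run gives the LAN host a route to the VPN subnet via the VM and shows the reply staying off the XG.

```python
"""Toy routing/stateful-inspection model of the post's topology (added
example; assumptions and all host addresses are constructed)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.1.0/24")      # INTRANET in the post
VPN_NET = ip_network("10.0.2.0/24")  # VPN NET in the post
DEFAULT = ip_network("0.0.0.0/0")

# Constructed addresses (assumptions; the post only gives the two subnets).
XG_LAN = ip_address("10.0.1.1")      # XG's LAN-side address
VPN_HOST = ip_address("10.0.1.10")   # Linux VM running the IKEv2 container
LAN_HOST = ip_address("10.0.1.50")   # ordinary LAN host the VPN client pings
VPN_CLIENT = ip_address("10.0.2.5")  # address handed out by the IKEv2 server


@dataclass
class Node:
    name: str
    ips: list                              # addresses owned by this node
    # (destination network, next hop); next hop None = directly connected
    routes: list = field(default_factory=list)

    def owns(self, ip):
        return ip in self.ips

    def next_hop(self, dst):
        """Longest-prefix match over this node's routing table."""
        best = None
        for net, via in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, via)
        if best is None:
            raise ValueError(f"{self.name}: no route to {dst}")
        return best[1]


@dataclass
class Firewall(Node):
    seen_flows: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def inspect(self, src, dst, kind):
        """Stateful inspection: a reply is valid only if the matching
        request was forwarded through this box."""
        if kind == "echo-request":
            self.seen_flows.add((src, dst))
            return True
        if (dst, src) in self.seen_flows:
            return True
        self.log.append(f"Invalid Traffic - Denied - Source: {src}, Dest: {dst}")
        return False


def trace(nodes, start, src, dst, kind):
    """Forward one packet from `start` until it is delivered or dropped.
    Returns (delivered, list of node names the packet passed through)."""
    by_ip = {ip: n for n in nodes for ip in n.ips}
    cur, path = start, [start.name]
    for _ in range(10):                      # loop guard
        if isinstance(cur, Firewall) and not cur.inspect(src, dst, kind):
            return False, path
        if cur.owns(dst):
            return True, path
        via = cur.next_hop(dst)
        cur = by_ip[dst] if via is None else by_ip[via]
        path.append(cur.name)
    raise RuntimeError("routing loop")


def build(lan_host_knows_vpn_route):
    xg = Firewall("XG", [XG_LAN], routes=[(LAN, None),
                                         (VPN_NET, VPN_HOST)])  # static route from the post
    vpn_host = Node("VPN host", [VPN_HOST], routes=[(LAN, None),
                                                    (VPN_NET, None),  # IKEv2 tunnel side
                                                    (DEFAULT, XG_LAN)])
    lan_routes = [(LAN, None), (DEFAULT, XG_LAN)]
    if lan_host_knows_vpn_route:
        lan_routes.append((VPN_NET, VPN_HOST))  # the extra route for the second run
    lan_host = Node("LAN host", [LAN_HOST], routes=lan_routes)
    client = Node("VPN client", [VPN_CLIENT], routes=[(DEFAULT, VPN_HOST)])
    return xg, vpn_host, lan_host, client


def ping(lan_host_knows_vpn_route=False):
    """Echo request VPN client -> LAN host, then the reply back."""
    xg, vpn_host, lan_host, client = build(lan_host_knows_vpn_route)
    nodes = [xg, vpn_host, lan_host, client]
    ok_req, req_path = trace(nodes, client, VPN_CLIENT, LAN_HOST, "echo-request")
    ok_rep, rep_path = trace(nodes, lan_host, LAN_HOST, VPN_CLIENT, "echo-reply")
    return {"request": req_path, "reply": rep_path,
            "replied": ok_req and ok_rep, "xg_log": xg.log}


if __name__ == "__main__":
    for flag in (False, True):
        r = ping(flag)
        print(f"LAN host has VPN route: {flag}")
        print("  request:", " -> ".join(r["request"]))
        print("  reply:  ", " -> ".join(r["reply"]), "| delivered:", r["replied"])
        for line in r["xg_log"]:
            print("  XG log: ", line)
```

The model only reproduces the symptom from the stated topology; it is not a diagnosis of the poster's network. The point it makes is that the firewall rules in the post never get a chance to match, because the XG sees only the reply half of the flow.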


