

v18 - cannot ping to XG from route based VPN

Hi,

I'm trying out the XG v18 route based VPN. So far I've got it replacing the policy based VPN to Azure and between sites. What I've noticed is that since switching the VPN from policy to route, I'm unable to ping the XG from the other side of the tunnel. I can ping other devices so I know the tunnel is working, I just can't ping the XG's local IP from the remote tunnel. Pinging the XG's WAN IP works, however that would be because of the local ACL exception. All XGs are on SFOS 18.0.0 GA-Build354.

Thank you.

WA


  • So it turns out the XG is trying to reply to the ping using the WAN port instead of the xfrm port. If I add a static route pointing to the remote XG xfrm port IP address, ping now works. Issue seems to be with the SD WAN policy then as I have to use static routes to make things work.

    I followed the Sophos Support YouTube video to create the route based VPN and SD WAN policy. Slight change that I did was that I left the incoming interface blank and I added the SSL and Sophos Connect subnets of each XG in source and destination. I have tried removing this and making it the same as in the video, however the ping issue occurs without static routes.

  • Resolution was to set the source network to any so that it would include traffic generated from the firewall itself.
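An added illustration, not code from the thread or from Sophos, of why the firewall's own replies took the WAN path while LAN hosts were fine: a small Python model of egress selection. The interface names and subnets are constructed, and the rule that firewall-generated traffic only honours an SD-WAN policy whose source is Any is taken as an assumption from the resolution above.

```python
from ipaddress import ip_address, ip_network

WAN = "PortB"   # default-route interface (constructed name)
XFRM = "xfrm1"  # route-based VPN interface (constructed name)

# Constructed addresses: SSL VPN pool and LAN on the local XG, LAN behind the remote XG.
SSL_POOL = ip_network("10.81.234.0/24")
LOCAL_LAN = ip_network("192.168.1.0/24")
REMOTE_LAN = ip_network("192.168.50.0/24")


def _matches(nets, addr):
    """'any' matches everything; otherwise addr must fall inside one of nets."""
    return nets == "any" or any(addr in n for n in nets)


def select_interface(src, dst, policies, static_routes=(), firewall_generated=False):
    """Pick the egress interface for a packet src -> dst.
    Order modelled: static routes, then SD-WAN policy routes, then the default
    route. Assumption from the thread's resolution: a packet the firewall
    originates itself only matches a policy whose source network is 'any'."""
    src, dst = ip_address(src), ip_address(dst)
    for net, iface in static_routes:          # static route wins outright
        if dst in net:
            return iface
    for pol in policies:                      # SD-WAN policy routes in order
        if firewall_generated and pol["src"] != "any":
            continue                          # own traffic skips narrow sources
        if _matches(pol["src"], src) and _matches(pol["dst"], dst):
            return pol["iface"]
    return WAN                                # fall through to the default route


def scenarios():
    """Replay the thread: host traffic uses xfrm, the XG's own reply leaks to
    the WAN, and either fix (static route or source Any) restores xfrm."""
    narrow = [{"src": [SSL_POOL, LOCAL_LAN], "dst": [REMOTE_LAN], "iface": XFRM}]
    broad = [{"src": "any", "dst": [REMOTE_LAN], "iface": XFRM}]
    host, xg, peer = "10.81.234.5", "192.168.1.1", "192.168.50.10"
    return {
        "host_reply": select_interface(host, peer, narrow),
        "xg_reply_narrow": select_interface(xg, peer, narrow, firewall_generated=True),
        "xg_reply_static": select_interface(xg, peer, narrow, static_routes=[(REMOTE_LAN, XFRM)],
                                            firewall_generated=True),
        "xg_reply_any": select_interface(xg, peer, broad, firewall_generated=True),
    }


if __name__ == "__main__":
    for name, iface in scenarios().items():
        print(f"{name:16} -> {iface}")
```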