Below is a rough sketch on my network. VLANs have been set on and by the ISP on their side. VLAN1 is for data. Which means PCs on the left should communicate with those on the right and vice.
From the right I can only ping upto the Sophos which is 10.10.1.1(via static routes). Beyond that, I cannot ping. I hope to get the left side to get DHCP ip addresses from the left side.
I think we are getting somewhere.
Remember, the first issue was I couldn't ping internal resources behind the Sophos XG? Well, the solution was this:
Under Hosts and Services->, I created…
Thank you for contacting the Sophos Community!
Please check this KB to give you an idea.
Is the XG or the Cisco device handing the DHCP?
I have read the article and it is reverse of what I want to do.
In my scenario, the Sophos is the DHCP server that needs to give ip addresses outside the network.
From the outside network, I can only ping up to Sophos, which is 10.10.1.1. I cannot ping beyond that.Is there a firewall rule I have to create?
Thank you for the following up!
Most likely you need, from which zone the traffic from the Cisco device is coming into your network? You would need to create WAN to LAN or LAN to LAN or DMZ to LAN, depending on the zone of the traffic coming from the Cisco.You could do a packet capture on the XG to find the reason why the Ping is not arriving to 10.10.1.1 by following this KBAs per the DHCP not working, are you even seeing the requests coming to the XG? If you do a tpcdump or packet capture in the XG on Port 67 & 68 do you see this requests arriving?
Thanks for responding. I have attached the packet capture. I don't know what it means, but I filtered the display to show ICMP.
I Think since the sites are connected through VLANs, it should be LAN to LAN. But I have tried all possible combinations of these but no success. Please help.