Problem between RED and XG - transmission of the voice

Additive:

The connection to the "wired" telephones works. Only the connection to the telephones, which are connected via VPN, does not work.

Hi Admin TSK,

Thanks for reaching out, and welcome to the Sophos Community! 

What is the configured RED deployment mode? 

Have you configured DoS protection or IPS on the firewall rules for the RED network? 

Thanks, 

Hi H_Patel,

the RED deployment mode is "Standard/Unified".

I have no DoS or IPS configured for the RED firewall rules.

Many thanks Martin

Hi Admin TSK,

Admin TSK said:

The connection can be established (it rings and you can pick up the receiver), but nothing can be heard.

Is issue reported with one-way communication or two-way communication?

Is there any SNAT applied on the firewall rule configured to allow communication between the RED network(192.168.150.0/24) and XG local network(192.168.130.0/24)?

Also, please check if SIP is loaded or not.

Login to SSH > 4. Device Console

console> system system_modules show

Hello Yash Kothari,

I have logged into the console. SIP is activated.

I don't understand that with the SNAt or I don't have instructions for the XG 18.5. Does SNAT have to be set?

Hello,

I ask the question a little differently. How do I get the RED network (192.168.150.0/24) to reach the VPN network (172.168.130.0/24). There does not seem to be any communication between these two networks. A ping is not possible, for example.

Best wishes
MArtin

Can anyone help me with this problem?

Assuming you have kept RED in the VPN zone.

In this case, you just need VPN to LAN firewall rule to communicate between Sophos Firewall local network: 192.168.130.0/24) and RED network: 192.168.150.0/24

If it's in the LAN zone, then a firewall rule needs to be configured with LAN as a source and destination zone.

Please take the packet capture by following the below steps:

==> Navigate to Diagnostics > Packet capture

==> Use BPF string: host 192.168.150.x and proto ICMP

Here, 192.168.150.x is an IP address of the source machine from where you're checking ICMP(ping).

==> Start the capture and initiate a ping from the RED network machine.

This would confirm whether traffic from the RED network hits on Sophos Firewall or not.

Assuming you have kept RED in the VPN zone.

In this case, you just need VPN to LAN firewall rule to communicate between Sophos Firewall local network: 192.168.130.0/24) and RED network: 192.168.150.0/24

If it's in the LAN zone, then a firewall rule needs to be configured with LAN as a source and destination zone.

Please take the packet capture by following the below steps:

==> Navigate to Diagnostics > Packet capture

==> Use BPF string: host 192.168.150.x and proto ICMP

Here, 192.168.150.x is an IP address of the source machine from where you're checking ICMP(ping).

==> Start the capture and initiate a ping from the RED network machine.

This would confirm whether traffic from the RED network hits on Sophos Firewall or not.

I have to explain it a little differently again.

From the LAN (192.168.130.0) I can get into the RED network (192.168.140.0) without any problems.

My problem is that I cannot get into the RED network from the VPN network (172.168.130.0).

With a ping to 192.168.150.101, for example, "Response from 62.155.247.198: Target network cannot be reached."

However, I do not know this IP.

I have set up a firewall rule VPN - RED / RED - VPN.

However, this has not yet resulted in success.

Can you help me here?

Best wishes
Martin

Which VPN are you using?

Could you please also post a snapshot of the RED interface configuration?

It would be great if you can share a rough network diagram.

Hello,

I have attached my RED config. Unfortunately I don't have a network diagram. But it's nothing great.

I have a

1. LAN: 192.168.130.0/24
2. VPN: 172.168.130.0/24 - Sophos Connect
3. RED: 192.168.150.0/24

Everything works between LAN and VPN / RED
Not between VPN and RED.

He just doesn't know the route from 172.168.130.0 to 192.168.130.0.

Best wishes
Martin

Request to follow the steps below to check packet flow:

==> Go to Diagnostics > Packet capture

==> Enter BPF string: host 192.168.150.101 and proto ICMP

==> Start a ping to 192.168.150.101 from VPN network 172.168.130.0/24 and share packet capture snapshot.

here?

if I set this and execute a ping nothing happens ...

Start packet capture with BPF string: host 192.168.150.101 and proto ICMP as shown below.

Then, ping to 192.168.150.101 from VPN network 172.168.130.0/24 and share packet capture output.

Ok... i have do this...

The result is... no entries...

We have a second RED, with IP 192.168.140.0/24

A PC behind it has the IP 192.168.140.103

The two networks simply cannot seem to see each other.

Martin

Which VPN are you connecting to? Is it remote access VPN or site to site?

Please take packet capture on IP address to which you're testing ping connectivity. 

eg: host 192.168.150.101 and proto ICMP

or 

host 192.168.140.103 and proto ICMP

We use the Sophos Connect client.

When I send the ping from the RED network, the following appears in the log ...

When I send the ping from the VPN network and change the host to 172.168 ... nothing appears in the log ...

Can you help me?