
IPSec VPN default gateway not working

Sophos XG210

I have two IP addresses configured on my WAN port as VLANs. Currently all my traffic, including an SSL VPN setup, is configured on one of those IP addresses.

I would like to set up an IPSec connection on my spare IP so I can take advantage of forcing clients to automatically connect.

I have run through the setup guide and kind of got it working, but my test laptop will not connect to the internet when I select 'Use a default gateway', though it can see local resources.

When I uncheck the use default gateway option it connects to the internet and onsite resources. But I want the client to use the default gateway so it has the company IP address.

Any idea what I am doing wrong?



  • Hi, thank you for reaching out to the Sophos community team. The option 'Use a default gateway' routes the internet traffic of the end machine to the XG, and in this scenario you may require a VPN-to-WAN firewall rule and a NAT rule to NAT/MASQ outgoing traffic to WAN (which is coming from the VPN).

    Can you please confirm these required rules are present on your XG?

    If yes, they are present and the issue is still there, then please share the TCPDUMP and drop packet output from the XG for any public IP that you are pinging to test internet access after connecting IPsec (remote access).

    TCPDUMP command

    a) console> tcpdump 'host x.x.x.x'

    KBA : https://support.sophos.com/support/s/article/KB-000035939?language=en_US

    Drop packet command:

    b) console> drop 'host x.x.x.x'

    x.x.x.x is the reference public IP on which you are checking PING after connecting IPsec remote access.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
