Hi,
I'm trying to enable an IPSec Site-to-Site connection with a remote location but have a few problems on the routing side.
Here's my config:
- Sophos XG - SFOS 19.5.2 MR-2-Build624
- Sophos LAN on 172.16.16.x (set as LAN in Hosts and services)
- LAN port is connected to a router acting for DHCP, DNS and other functions (the router is Synology RT2600ac with VPN Server)
- Local LAN on 192.168.1.x (set as LAN1 in Hosts and services)
- Remote LAN on 192.168.2.x (set as LAN2 in Hosts and services)
- Static route on Sophos for 192.168.1.x to static DHCP IP on the 172.16.16.x range
- Sophos DNS is set to 172.16.16.16
- Public IP address is 10.50.xx.xx
And here are the steps that lead to the problem:
- The IPSec Profile is set with the same settings on the Local and Remote servers:
- Firewall Rules FROM and TO all three IP ranges (172.16.16.x, 192.168.1.x, 192.168.1.x):
- DNAT rules are created as shown here:
- VPN is allowed to PING and DNS in Device Access
- Site-to-Site connection established and active
- I can't ping/traceroute Remote devices via Diagnostics / Terminal of Sophos:
  or Local devices present in the DHCP range of the Synology router:
- The ping process works from a Remote to Local server though!
I tried a few things I saw on Sophos Community, on Synology's and other forums but can't find a way to make my setup work.
Is there anything I could do to make it work?
Thanks in advance and don't hesitate if I can provide anything else
Regards
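Added example, not from the original post or from Sophos: a small Python model of the topology described above (LAN 172.16.16.0/24, LAN1 192.168.1.0/24 reached through a static route, LAN2 192.168.2.0/24 behind the tunnel) that shows, for a given source/destination pair, whether a policy-based IPsec SA with LAN1/LAN2 traffic selectors would carry the packet or whether it falls through to the routing table. The selector set, the static-route next hop and the firewall's own LAN address are assumptions, since the post does not show those screenshots.

```python
import ipaddress

# Routing table constructed from the post; the 172.16.16.50 next hop is a
# placeholder for the Synology's static DHCP address mentioned there.
ROUTES = [
    ("172.16.16.0/24", "direct", "LAN"),
    ("192.168.1.0/24", "172.16.16.50", "LAN"),   # static route to LAN1
    ("0.0.0.0/0", "ISP-gateway", "WAN"),         # default route (placeholder)
]

# Assumed IPsec traffic selectors: local LAN1 <-> remote LAN2 only.
SELECTORS = [("192.168.1.0/24", "192.168.2.0/24")]


def lookup(dst):
    """Longest-prefix-match route lookup; returns (next_hop, interface)."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best[1], best[2]


def tunnel_covers(src, dst):
    """True if some selector pair matches the packet's source and destination.

    A policy-based SA only protects traffic whose source AND destination fall
    inside its selectors; anything else is routed in the clear."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
               for local, remote in SELECTORS)


def classify(src, dst):
    """Return 'tunnel' if the SA carries the packet, else 'route:<iface>:<nh>'."""
    if tunnel_covers(src, dst):
        return "tunnel"
    next_hop, iface = lookup(dst)
    return f"route:{iface}:{next_hop}"


if __name__ == "__main__":
    # Host on LAN1 to host on LAN2: matches the selectors.
    print(classify("192.168.1.10", "192.168.2.10"))   # tunnel
    # Ping issued from the firewall's own LAN address (assumed 172.16.16.1):
    # outside the local selector, so it follows the default route instead.
    print(classify("172.16.16.1", "192.168.2.10"))    # route:WAN:ISP-gateway
```

The second case is the check a practitioner would run when a firewall-originated ping fails while host-to-host traffic works: the source address the firewall picks must sit inside the tunnel's local selector, or the selectors must be widened to include it.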