IPSec traffic not tunneled

Question

Hi, 
 there is a IPSec tunnel not tunneling traffic to remote site. 
 Traffic from remote site to my site is sent trough tunnel as expected, but traffic to remote site is being nated and sent trough WAN interface. 
 Remote site has to use my internet connection, so local tunnel network is 'any'. I don't know if that's the issue, but should actually work. 
 I double-checked tunnel settings on both sites and tested it also with No-NAT-rule, but didn't work. 
 
 Local subnet: 192.168.30.0/26 
 Remote subnet: 192.168.2.0/24 
 Firmware: SFVH (SFOS 19.5.3 MR-3-Build652 
 
 Is there any known bug or something?

rfcat_vk · Accepted Answer

Hi, 
 please check your routing and sd-wan settings. 
 ian

Erick Jan · Answer

Hi Ash666, 
 Thank you for reaching out to Sophos Community. 
 In Addition to rfcat_vk, kindly check the following KB for references if this might assist you. 
 
 Sophos Firewall: Troubleshooting site to site IPsec VPN issues 
 Sophos Firewall: Troubleshooting steps when traffic is not passing through the VPN tunnel

Ash666 · Answer

Thanks for your answer. Problem was actaully my SD-WAN-Route. I changed route precedence with following command, now it's working fine. 
 system ipsec_route add net 192.168.1.0/255.255.255.0 tunnelname <tunnelname>

IPSec traffic not tunneled

Top Replies