

Issue on site to site VPN

Hello,

I have a strange issue on a site-to-site VPN between two Sophos XG firewalls. The site-to-site VPN was built with class C subnets as below.

Site A - 192.168.1.0/24

Site B - 192.168.8.0/24

The Sophos XG firewall generated a VPN rule on top that permits any source interface (192.168.1.0/24 & 192.168.8.0/24) and any destination interface (192.168.1.0/24 & 192.168.8.0/24) for any traffic.

I found that some hosts are able to connect to remote hosts via the VPN.

For example, 192.168.1.24 and 192.168.1.23 are able to access 192.168.8.2 and 192.168.8.7.

But other hosts cannot connect to remote hosts via the VPN.

For example, 192.168.1.17 and 192.168.1.25 are unable to access 192.168.8.2 and 192.168.8.7.

All of 192.168.1.24, 192.168.1.23, 192.168.1.17 and 192.168.1.25 are able to access the Internet via the Sophos XG firewall.

I tried to change route_precedence so that the VPN route runs first, but no luck.

How should I troubleshoot this issue?


