This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-site IPsec VPN with Mikrotik and Overlapping network

Hi everyone,

I'm having difficulty getting site to site IPsec to work properly with a Mikrotik device.

Both LANs use the same class 192.168.99.0/24 and to configure the Sophos (SG115 SFOS 20.0.0 GA-Build222) I followed these instructions: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help /en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNIPsecConnectionPBVPNNATSameSubnets/index.html

The tunnel is established correctly, but if I try to ping a remote host (ex. 10.10.99.1) from the Sophos LAN, I get timeouts.

However, if I try to ping a host behind the Sophos from the Mikrotik I get a response and at that point the ping from the host behind the Sophos to the remote LAN also starts to work.

In the IPsec configuration I enabled the NAT option



Thanks to anyone who can help me

This thread was automatically locked due to age.

Top Replies

Andrea C 5 months ago in reply to Vivek Jagad +1 verified

Hi, I solved the problem by allowing the esp protocol into the input chain on the mikrotik router. However, I have a question: why do I not get a response from the console if I do a ping with the Sophos…

Parents

0 Vivek Jagad 6 months ago

Hi Andrea C ,

Thank you for reaching out to the community, are you trying to ping with the LAN IP or the NATed IP ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Vivek Jagad 6 months ago

Hi Andrea C ,

Thank you for reaching out to the community, are you trying to ping with the LAN IP or the NATed IP ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Andrea C 6 months ago in reply to Vivek Jagad

Hii

thank you for the support.

With the IP source of the LAN I have a negative outcome, I will try with the IP address (of the virtual subnet).

Stay tuned

Andrea C
Cancel
Vote Up 0 Vote Down

Cancel
+1 Andrea C 5 months ago in reply to Vivek Jagad

Hi,

I solved the problem by allowing the esp protocol into the input chain on the mikrotik router.
However, I have a question: why do I not get a response from the console if I do a ping with the Sophos LAN address as the source?

Pinging from a host behind the Sophos works

Thank you

Andrea C
Cancel
Vote Up +1 Vote Down

Cancel