

Site-to-site IPsec VPN with Mikrotik and Overlapping network

Hi everyone,

I'm having difficulty getting site-to-site IPsec to work properly with a Mikrotik device.

Both LANs use the same class 192.168.99.0/24, and to configure the Sophos (SG115 SFOS 20.0.0 GA-Build222) I followed these instructions: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNIPsecConnectionPBVPNNATSameSubnets/index.html

The tunnel is established correctly, but if I try to ping a remote host (e.g. 10.10.99.1) from the Sophos LAN, I get timeouts.

However, if I try to ping a host behind the Sophos from the Mikrotik, I get a response, and at that point the ping from the host behind the Sophos to the remote LAN also starts to work.

In the IPsec configuration I enabled the NAT option.
 

Thanks to anyone who can help me


  • Hi,

    I solved the problem by allowing the ESP protocol into the input chain on the Mikrotik router.
    However, I have a question: why do I not get a response from the console if I do a ping with the Sophos LAN address as the source?

    Pinging from a host behind the Sophos works.

    Thank you

    Andrea C
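
The reply above fixed the tunnel by allowing ESP into the input chain on the Mikrotik. As an added example (not part of the thread and not code from either poster), this Python sketch checks a RouterOS-style `/ip firewall filter` export for that condition using first-match evaluation. The two exports are constructed samples and the function names are hypothetical.

```python
import shlex

# Constructed RouterOS-style exports (not taken from the thread).
BEFORE = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=500,4500 protocol=udp
add action=drop chain=input comment="drop everything else"
"""
# Same rule set with an ESP accept rule placed ahead of the final drop.
AFTER = BEFORE.replace(
    "add action=drop",
    "add action=accept chain=input protocol=ipsec-esp\nadd action=drop", 1)

def parse_filter_rules(export):
    """Return the 'add' lines of the /ip firewall filter section as dicts."""
    rules, in_section = [], False
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments whole
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def verdict_for_new_esp(export):
    """First-match verdict for a NEW inbound ESP packet on the input chain.

    Simplification (assumption): only chain, protocol, connection-state and
    disabled are evaluated; any other matcher is treated as matching.
    """
    for rule in parse_filter_rules(export):
        if rule.get("chain") != "input" or rule.get("disabled") == "yes":
            continue
        if rule.get("protocol", "ipsec-esp") != "ipsec-esp":
            continue  # rule is limited to another protocol (e.g. udp)
        states = rule.get("connection-state")
        if states and "new" not in states.split(","):
            continue  # rule only covers already-tracked connections
        action = rule.get("action", "accept")
        if action in ("accept", "drop", "reject"):
            return action
    return "accept"  # RouterOS accepts a packet that no rule matches

if __name__ == "__main__":
    print("before:", verdict_for_new_esp(BEFORE))
    print("after: ", verdict_for_new_esp(AFTER))
```
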
