Hey everybody,
I have a strange problem.
I have a firewall at the main office and a firewall in Azure (both with firmware SFOS 19.5.3).
I have a working VPN and everything seems to be fine.
But I can't access the main office's web GUI or SSH CLI from my Azure network.
Until last week this worked fine.
I've tried some things:
- Restarted the services in the Advanced Shell
- Restarted both firewalls
- Set up the IPsec VPN completely new
- Added a local ACL
- Created an ANY firewall rule
But nothing works.
When I try to reach the Webadmin from WAN, everything is fine (but I don't want to do that).
I started a TCP dump and there I can see that there is only incoming traffic... But here is the end of my knowledge as to why that happens...
Here is a screenshot of the TCP dump:

Maybe someone can help me?
Hi Maik Martin
Please check and verify traffic flow under MONITOR & ANALYZE || Diagnostics || Packet Capture passing from the same firewall rules and drop packet
Regards
"Sophos Partner: Networkkings Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
Hi Maik Martin,
Thank you for contacting the Sophos community team and sharing detailed information on this.
I suspect the TCP MSS side and fragmentation, which may lead to such issues when accessing resources over PBVPN IPsec.
To fix such issues, MSS can be reduced for specific source and destination networks (with iptables commands) via a support ticket, so support may help with this.
In the long run, the KBA solution below should help here if you want to reduce MSS without support intervention.
Sophos Firewall: Periodic traffic drops on an IPsec site-to-site tunnel
support.sophos.com/.../KB-000038555
Regards,
Vishal Ranpariya
Technical Account Manager | Global Customer Experience
I don't know why, but everything looks fine today with no changes.
I think the case is closed.