Sophos IPSec (Site To Site) connected but no traffic

Question

Hello, 
 We have two Sophos Firewall machines hosted on ESXi in different data centers, both running the same version (SFOS 20.0.1 MR-1-Build342). They are configured to connect to each other via IPSec as shown in the screenshots below. The IPSec connection is established successfully. However, neither side can ping each other or access any services on the other side. 
 I have read many topics on the forum regarding this issue, but unfortunately, I have not been able to resolve it. When I initiate a ping and use Packet Capture to inspect the incoming and outgoing packets, I see that there is data traffic over the VPN tunnel and that it is coming through the ipsec0 interface. 
 I would appreciate your assistance with this issue.

Erick Jan · Answer

Hi, 
 Thank you for reaching out to Sophos Community. 
 Since the tunnel was established for both firewalls,I would recommend checking the following: 
 
 VPN/Firewall rules for both Firewalls for any restrictive rules 
 Verify that ping is allowed in Device Access(VPN) 
 Routing Table 
 Check also the drop packets 
 
 You may also refer to the following 
 
 Sophos Firewall: Traffic is not passing through the VPN tunnel 
 Sophos Firewall: Troubleshooting site to site IPsec VPN issues

Mayur Makvana · Answer

Hello, 
 Thank you for contacting Sophos Community! 
 Kindly refer to the below KBA that can help identify the cause. 
 community.sophos.com/.../sophos-firewall-how-to-identify-the-communication-issue-with-up-and-running-ipsec-tunnel