
WIFI "separate zone" didn't work over IPSec

Hi all,

AP configuration works. I am able to remove & add the APs.
APs are recognized and shown as active.
I can see the traffic between AP & XGS Port 2712.
Traffic to port 8472 from firewall to AP is not answered, but I see packets from AP to APIPA-address.
SSIDs with "bridge to AP-Lan" or "bridge to VLAN" are working.
With "separate zone" there is no traffic from/to the client.
APs connected directly to XGS or placed behind RED are working.

Network:
AP --- SG-UTM --------- IPSec -------- XGS --- ClientVLan

AP: 10.101.103.15
XGS-Interface at ClientVLAN 10.101.203.1
XGS-Version: SFOS 19.0.5

Packet Capture from SG-UTM:

Greetings,
Dirk



Added TAGs
[edited by: Erick Jan at 12:27 PM (GMT -7) on 26 Aug 2024]
  • On the SFOS, do you see those packets and are they actually working? It could be that UTM is not sending them through the tunnel.

    You could try to work around this by changing the Destination IP to the SFOS LAN IP before the tunnel in UTM and check if this works.


  • AP-Management/Config (Port 2710) is connected correctly.
    Port 8472 to APIPA-IP is discarded by UTM, so it isn't sent through the tunnel.

    "changing the Destination IP"   .... great idea ... my last attempts didn't work ... but now: the DNAT rule does the trick 

    Thanks a lot!!


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
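The diagnosis in this thread (UDP 8472 from the AP towards an APIPA address is dropped by the UTM before the IPsec tunnel, fixed with a DNAT to the SFOS LAN IP) can be checked against a packet capture in text form. The script below is an added example, not from the thread or from Sophos: it scans constructed tcpdump-style lines, counts AP data-tunnel packets whose destination is link-local (169.254.0.0/16), and prints the DNAT rewrite the reply suggests. The 169.254.1.1 address and the choice of 10.101.203.1 as the SFOS LAN IP are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample capture in tcpdump text format, modelled on the thread:
# AP 10.101.103.15 and the XGS ClientVLAN interface 10.101.203.1 come from the
# post; the 169.254.1.1 (APIPA) destination is a constructed placeholder.
SAMPLE_CAPTURE = """\
12:01:01.000001 IP 10.101.103.15.2712 > 10.101.203.1.2712: Flags [P.], length 120
12:01:01.000002 IP 10.101.203.1.2712 > 10.101.103.15.2712: Flags [.], ack 121
12:01:02.000003 IP 10.101.103.15.8472 > 169.254.1.1.8472: UDP, length 98
12:01:02.000004 IP 10.101.103.15.8472 > 169.254.1.1.8472: UDP, length 98
12:01:03.000005 IP 10.101.203.1.8472 > 10.101.103.15.8472: UDP, length 98
"""

# Matches "IP <src>.<sport> > <dst>.<dport>:" from a tcpdump line.
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def find_untunnelled_ap_flows(capture_text, tunnel_port=8472):
    """Count packets to UDP tunnel_port whose destination is link-local (APIPA).

    As described in the thread, the UTM discards these before the IPsec tunnel,
    so they never reach the SFOS side. Returns {(src, dst): packet_count}.
    """
    counts = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != tunnel_port:
            continue
        if ipaddress.ip_address(m["dst"]).is_link_local:
            counts[(m["src"], m["dst"])] += 1
    return dict(counts)


def dnat_workaround(flows, sfos_lan_ip, tunnel_port=8472):
    """Describe the DNAT from the reply: rewrite the APIPA destination to the
    SFOS LAN IP on the UTM so the packets are sent through the tunnel."""
    return [
        f"DNAT {src} -> {dst}:{tunnel_port}/udp  =>  {sfos_lan_ip}:{tunnel_port}/udp"
        for (src, dst) in sorted(flows)
    ]


if __name__ == "__main__":
    flows = find_untunnelled_ap_flows(SAMPLE_CAPTURE)
    for (src, dst), n in flows.items():
        print(f"{n} packet(s) {src} -> {dst}:8472 would be discarded before the tunnel")
    for rule in dnat_workaround(flows, "10.101.203.1"):  # assumed SFOS LAN IP
        print(rule)
```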