IPSEC Site to site connected

I need help regarding my IPsec. I have two sites, HQ and a remote site. The firewalls are connected through IPsec. I have set both inbound and outbound rules.

But I am still not able to ping each end of the firewall or to remotely access resources at HQ. Kindly advise.



Added TAGs
[edited by: Erick Jan at 12:25 AM (GMT -7) on 7 Oct 2024]
  • After disabling NAT rules ... if the problem persists (there are no hits on the NAT rules, so I think it is not the source of the problem)

    Is there an additional firewall (or other restricting router) in front of one of the firewalls?  (Problems seen with Cisco - IPSec Inspection)

    XGS at both locations? Which version do you run at the systems?

    There is an IPSec change, which may generate the problems you describe.

    (Tunnel is up but no traffic through tunnel)


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Yes, the tunnel is up but I can't ping either end. I have XGS at the remote site and HQ, all running the same firmware 20.02. I don't have any rules; all I have is a VPN rule and a Main_Lan to Wan All access rule, that is all I have. So I don't know what is blocking access.

  • I would recommend:

    Packet capture at both sites, with filter = both external IPs (BPF string: host xx.xx.xx.xx and host yy.yy.yy.yy)

    What type of packets do you see? (IKE=500 && ESP or 4500?)


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
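
The packet-type question in the reply above (IKE on UDP 500, ESP, or UDP 4500), as an added example that is not part of the original thread: a Python classifier for raw IPv4 packets taken from such a capture, tallied per direction. The peer addresses, function names and sample packets are constructed for illustration; the UDP 4500 rules (one-byte 0xFF keepalive, four zero bytes before IKE) follow RFC 3948.

```python
import struct
from collections import Counter
HQ, REMOTE = "192.0.2.1", "198.51.100.1"  # assumed documentation addresses

def classify(pkt: bytes) -> str:
    """Name the IPsec-relevant type of one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 50:                        # native ESP (IP protocol 50)
        return "ESP"
    if proto != 17 or len(pkt) < ihl + 8:  # not UDP, or truncated UDP header
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]
    if 4500 in (sport, dport):             # NAT traversal port
        if data == b"\xff":                # one-byte NAT keepalive
            return "NAT-T keepalive"
        if data[:4] == b"\x00" * 4:        # non-ESP marker precedes IKE
            return "IKE/4500"
        return "ESP-in-UDP/4500"           # otherwise the bytes start with an ESP SPI
    return "IKE/500" if 500 in (sport, dport) else "other"

def tally(packets):
    """Count packets keyed by (src, dst, type) so each direction is visible."""
    counts = Counter()
    for p in packets:
        if len(p) >= 20:
            src, dst = (".".join(map(str, p[i:i + 4])) for i in (12, 16))
            counts[(src, dst, classify(p))] += 1
    return counts

def esp_senders(counts):
    """Sources from which ESP (native or UDP-encapsulated) was captured."""
    return sorted({s for (s, _, kind) in counts if kind.startswith("ESP")})

def ipv4(src, dst, proto, payload):
    a, b = (bytes(map(int, x.split("."))) for x in (src, dst))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, a, b) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLE = [  # constructed packets, not a real capture
    ipv4(HQ, REMOTE, 17, udp(500, 500, b"\x11" * 28)),
    ipv4(REMOTE, HQ, 17, udp(500, 500, b"\x22" * 28)),
    ipv4(REMOTE, HQ, 17, udp(4500, 4500, b"\xff")),
    ipv4(REMOTE, HQ, 17, udp(4500, 4500, b"\xc0\xff\xee\x01" + b"\x44" * 32)),
]
```

In the constructed sample, `esp_senders(tally(SAMPLE))` lists only the remote peer: IKE is exchanged in both directions but ESP appears from one side only, the pattern to look for when a tunnel is up and passes no traffic.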
