IPSEC VPN Multiple Lan Subnet from Sophos XGS to CISCO: only one subnet works at a time

Question

Hi, 
 we're experiencing a problem with Ipsec Vpn (site2site) from Sophos to Cisco. 
 In the Ipsec tunnel we have two subnet (subnet1 e subnet2) at sophos vpn side and one subnet (subnet3) in the remote site managed by cisco. 
 It seems that only on subnet at time works but not both. 
 When ipsec tunnel is up only traffic from subnet1 can reach subnet3. If I remove subnet1 from the ipsec tunnel subnet2 can reach subnet3 on the other side. 
 
 Is there a way to by bypass this problem? 
 
 Thanks in advance

Erick Jan · Accepted Answer

Hi Gianluca, 
 Thank you for reaching out to Sophos Community. 
 I would recommend checking the logs/configuration(route, traffic, firewall rule) and comparing both subnets on both Cisco and Sophos firewalls. 
 You may check the following for reference. 
 
 Sophos Firewall: How to Identify the communication issue with up and running IPSec tunnel 
 Sophos Firewall: Troubleshooting site to site IPsec VPN issues 
 Packet Capture

IPSEC VPN Multiple Lan Subnet from Sophos XGS to CISCO: only one subnet works at a time

Top Replies