Good morning.
I am having problems with a server when accessing remote servers through an IPsec tunnel.
SITE A has to access SITE B's servers and vice versa.
The problem is that for approximately a week one of the servers at SITE A (192.168.200.33) has not reached the servers at SITE B (192.168.100.196).
At both ends is an XGS.
The networks are completed through the tunnel and I generated an any-any firewall rule on both firewalls to rule out blocking failures but they still do not arrive.
The communication from the server 192.168.100.196 of SITE B to the server 192.168.200.32 of SITE A is carried out correctly.
The rest of the servers in both locations do not have any problem, the problem is only with server 192.168.200.33.
Reviewing the logs I see that the server 192.168.200.33 uses IPSEC0 as its output interface.
The rest of the servers on the 192.168.200 network that access the 192.168.100.X network use OUTPUT INTERFACE B.
What could have happened to that server that fails so that it now uses the IPSEC0 exit interface and not the rest?
Nothing has been changed for that specific server.
The first image refers to the server that has no problems, and it shows that PORT B is used.
The second image refers to the server that has problems and uses the IPSEC0 output interface.
Thank you very much for the help.
Hi Christian Garcia N,
Thank you for reaching out to the community. Please refer to Sophos Firewall: Route traffic through an IPsec VPN tunnel.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
I had already configured by CLI that the generated IPSEC tunnel is used to reach the 192.168.100.0/24 network.
All server accesses between both locations are working except the one I indicated (192.168.200.33); I don't know why it uses the IPSEC0 exit interface and not interface B as an exit like the rest.
Then that traffic is going out via WAN, so even after routing towards the IPsec route, it is going out through WAN?
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
I already found the problem.
I was routing traffic through another IPSEC tunnel that we have configured with NAT.
The server that was having problems was removed from one of the IPSEC tunnels and the NAT it was in, but it still continued to apply to me.
After deleting and configuring again the IPSEC with which my traffic was being routed incorrectly, it seems that it released the connection and everything worked correctly.
Thank you so much.