VPN traffic is not passing through the vpn tunnelhttps://community.sophos.com/sophos-xg-firewall/f/discussions/148053/vpn-traffic-is-not-passing-through-the-vpn-tunnelGood day l have create a site to site to vpn , the vpn is up , but we cannot ping the branch site On the head office there is ospf configured, and if we trace route from the firewall it&#39;s showing that the traffic is going through the ospf vpn ofen-USTelligent Community 12RE: VPN traffic is not passing through the vpn tunnelhttps://community.sophos.com/thread/548926?ContentTypeID=1Fri, 22 Nov 2024 00:39:46 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:a06dc902-8e8a-4cb6-9125-99efc4978b07Erick Jan<p>Hi Anesu,</p> <p>Thank you for reaching out to Sophos Community.</p> <p>I would recommend checking the following.</p> <ul> <li>check the drop packet/packet capture&nbsp; <ul> <li><a href="/sophos-xg-firewall/f/recommended-reads/138132/sophos-firewall-how-to-troubleshoot-dropped-packets">Sophos Firewall: How to troubleshoot dropped packets</a></li> <li><a href="https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/index.html#drop-packet-capture">drop-packet-capture</a></li> </ul> </li> <li>Is the route correct for both sides&#39; traffic? Are the priority correct(static, OSPF, and SDWAN)</li> <li>If traffic is being translated (NAT), correct the translation. Do both sides have the same network configuration?</li> <li>Can the Firewall can&#39;t ping other devices on the other side of the VPN? or only the one you&#39;re testing</li> </ul> <p>For more reference, kindly see kb&#39;s below.</p> <ul> <li><a href="https://support.sophos.com/support/s/article/KBA-000003878?language=en_US">Sophos Firewall: Traffic is not passing through the VPN tunnel</a></li> <li><a href="/sophos-xg-firewall/f/recommended-reads/123740/sophos-firewall-troubleshooting-site-to-site-ipsec-vpn-issues#mcetoc_1elqugv8e6">Sophos Firewall: Troubleshooting site to site IPsec VPN issues</a></li> <li><a href="https://docs.sophos.com/nsg/sophos-firewall/21.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNIPsecConnectionRBVPNNATSameSubnets/index.html">NAT with route-based IPsec when local and remote subnets are the same</a></li> </ul><div style="clear:both;"></div>