
NAT-T not automatically activated in new VPN IPSec tunnel between SG125 and SG230

Hello community,

I've got a question related to the NAT Traversal setting in Sophos UTM (9.714-4). I created a new VPN tunnel between an SG125 and an SG230 and the tunnel seems to be up and running fine, according to the web interface, but I am not able to reach any hosts from either side of the tunnel. I double-checked the configuration regarding the allowed nets and firewall rules; everything is fine. I started to compare every setting from the new tunnel with the existing ones and saw that there is no NAT Traversal entry in the tunnel configuration (TUN_GRE is the new tunnel):




I checked the "Advanced" tab in IPsec, where NAT Traversal is activated, so I thought it should be in the tunnel settings when I create a new tunnel?



Can anyone help and explain how to get the NAT Traversal setting into my new tunnel configuration?


Greetings from Germany,

Raimond



This thread was automatically locked due to age.
  • I also opened support case 06464880 and will keep this thread updated when there is progress.

  • Hello,

    this depends on the configuration of the other site, too. If there is no NAT-T needed, then the (global) activation of NAT-T will not lead to it being used on that specific connection, while on other connections it is in use. Check your config on both sites and the routers in between.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello jprusch,

    and thank you for your answer. There is a router on both sides of the tunnel, but the SG230 site's configuration does not need NAT-T.

    So what will happen to my existing tunnels on the SG230 site when I activate NAT-T? As far as I researched, NAT-T should be an intelligent technique, which detects the need for NAT-T per connection and enables it if needed. So I guess it will detect the need for my new tunnel, implement NAT-T and keep the other tunnels as they are?

    Best regards,

    Raimond

  • That's exactly what should happen.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • I just activated NAT-T, worked perfectly. My new tunnel uses NAT-T now and I can transfer data. The other tunnels still seem fine. Thank you for the help.

    Best regards,
    Raimond
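
The per-connection detection discussed in this thread, as an added example that is not part of the original posts and not Sophos code: it follows the NAT-D hash comparison from RFC 3947 (IKEv1 NAT-T negotiation). The cookies, addresses and the `encapsulation` helper are constructed for illustration, and the assumption is that both gateways must have NAT-T enabled before any NAT-D payloads are exchanged.

```python
import hashlib
import socket
import struct

# Constructed sample IKE cookies (8 bytes each) and documentation addresses.
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()

def build_nat_d(cky_i, cky_r, local, remote):
    """Sender: first payload covers the remote end, the second its own end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver: compare the peer's hashes with the addresses seen on the wire."""
    dest_hash, source_hashes = payloads[0], payloads[1:]
    # The peer hashed the address it sent to; a mismatch means we are translated.
    local_natted = dest_hash != nat_d_hash(cky_i, cky_r, *seen_dst)
    # The peer hashed its own address; a mismatch means the peer is translated.
    peer_natted = nat_d_hash(cky_i, cky_r, *seen_src) not in source_hashes
    return {"local_behind_nat": local_natted,
            "peer_behind_nat": peer_natted,
            "use_nat_t": local_natted or peer_natted}

def encapsulation(local_enabled, peer_enabled, result):
    """Hypothetical helper: what this one connection ends up using."""
    if not (local_enabled and peer_enabled):
        return "esp"  # no NAT-D exchange, so a NAT in the path goes undetected
    return "udp-4500" if result["use_nat_t"] else "esp"

def scenario(initiator_local, seen_src, responder=("203.0.113.20", 500)):
    """Run one negotiation as seen by the responder."""
    payloads = build_nat_d(CKY_I, CKY_R, initiator_local, responder)
    return detect_nat(CKY_I, CKY_R, payloads, seen_src, responder)

if __name__ == "__main__":
    direct = scenario(("198.51.100.10", 500), ("198.51.100.10", 500))
    natted = scenario(("192.168.10.2", 500), ("198.51.100.10", 1024))
    print("existing tunnel:", encapsulation(True, True, direct))
    print("new tunnel:     ", encapsulation(True, True, natted))
    print("NAT-T off:      ", encapsulation(True, False, natted))
```

With NAT-T enabled on both gateways, the direct tunnel stays on plain ESP and only the connection whose hashes mismatch moves to UDP 4500.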