
VLANs on IPsec Site-to-Site get no connection

Hi,

I have two SG210 with UTM 9.709-3 installed.

One is at the headquarters and the other at the branch.

At the headquarters I set up IPsec with remote-net 192.168.11.0/24 and branch 192.168.12.0/24. VPN-Pool (IPsec) uses 10.242.4.0/24.

The headquarters has 3 VLANs: 192.168.100.0/24 / 192.168.150.0/24 / 192.168.200.0/24.
All have a DHCP on a server running, so the headquarters has no DHCP on the UTM.

The IPsec tunnel is established successfully.

The goal is to have the same VLANs at the branch, with devices getting their IPs from the DHCP in the headquarters, because there are devices that can only get an IP via DHCP.

Actually I can't even ping from HQ to branch and in the other direction, even with an established IPsec tunnel.

Can somebody help me? I've been on this for a few days now and I was almost there with a RED tunnel between both SG201, but I could only ping from the UTM to the network behind, not from network to network. Even people from Sophos told me the only way is IPsec, with RED it's impossible... but with IPsec actually nothing works.



This thread was automatically locked due to age.
  • Hallo and welcome to the UTM Community!

    I'm confused about why you would need a NAT rule.  I don't think DHCP will work through an IPsec tunnel - you would need a RED tunnel for that.  It's hard to "see" what your situation is - please insert pictures of the Edits of the IPsec Connection and Remote Gateway from both sides and tell us which networks listed aren't communicating.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA