IPSec site to site tunneling not able to see computers on remote side

2018:10:15-23:49:01 sikanni pluto[14914]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPSec A" address="184.xxx.xxx.xx2" local_net="192.168.xxx.0/24" remote_net="204.xxx.xxx.0/24

2018:10:15-23:49:01 bsloffice pluto[7613]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPsec Tunnel B" address="24.xxx.xxx.xx1" local_net="204.xxx.xxx.0/24" remote_net="192.168.xxx.0/24"

The 2 external addresses (184.xxx.xxx.xx2 and 24.xxx.xxx.xx1) are correct as well as both the declared internal networks.

Not sure what I should be looking for in the firewall logs.

Sorry a bit of a amateur with the debugging. What should I be looking for? When I attempt RDP to my remote server, no entries appear for the IP that I am trying to query.

BTW thanks for the follow up replies

Hi NeutralSt8,

the IPSec log is not needed.
The packetfilter log ist what i meant.

Best Regards
DKKDG

So I finally got a log entry with the desired IP of the system I am trying to RDP to:

2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: cannot respond to IPsec SA request because no connection is known for 192.68.38.250/32===184.xxx.xxx.xx2[184.xxx.xxx.xx2]...24.xxx.xxx.xx1[24.xxx.xxx.xx1]===204.xxx.xxx.0/24
2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: sending encrypted notification INVALID_ID_INFORMATION to 24.xxx.xxx.xx1:500

to get to this stage, I created a direct definition for the host in the IPSec site-to-site settings. At least I am seeing that UTM is looking for the system.

So I created another set of connection definitions and my tunnel appears to be working. However, I am still unable to RDP to the system. I can ping my destination from my local UTM using the Tools - Ping Check.

Where do I go to define the access to the remote computers? Assume my local subnet is 192.168.200.xxx and I am trying to access the remote computers on 192.168.100.xxx?

I would have thought the definitions described in the Remote Gateway(s) would take care of it .. no?

You might try working through #1 in Rulz.

Please show pictures of the Edits of the Remote Gateway and IPsec Connection from both sides.

Cheers - Bob

Yeah, that all looks perfect.  If you did #1 in Rulz, then that just leaves a routing issue.  When you try to RDP to the server, are you using a numeric IP or a name?

Cheers - Bob

I am using an IP address.

What I had been attempting to do was to switch over from the SSL VPN client connection to the IPSec site to site. When I turn off the IPSec, I am still able to connect with the SSL client and RDP to the server. When I switch back to the IPSec connection, I am no longer able to get to RDP to the same system.

Are there routing settings that will interfere with one connection and not the other?

I would have assumed that once the connection(s) is made, the routing would be the same.

I do have some web servers on the Services side (respondent) of the connection that are using the Webserver Protection functions

Pretty generic stuff.