Hello,
we have a configuration with a SG125 on site 1 and another SG125 on site 2. The SG125 firewalls are connected with an IPSEC Tunnel.
On site a, we have an on-premise exchange server; no problem for the first firewall to send its weekly configuration backup.
On site b, the SG125 is also configured to send emails with the configuration backup, but the host cannot reach the exchange server.
In the admin notification log, I see that the connection to the exchange server times out.
On both sides, I created firewall rules to allow the traffic (vlans 1 and 2 on site a have full access to vlan 3 and 4 on site b, and vice versa).
What I also tested:
I used the diagnostic tools and pinged the server from different interfaces:
Site a, 2 VLANs: the ping from vlan1 (from where the exchange server is reachable) fails (destination unreachable); only from vlan2, where the exchange server is included, can I ping the server.
Site b, VLANs 3 and 4: ping is also failing (destination unreachable). Out of both networks, I can reach the exchange server (from a client, for example). If I use the closest route option, I get 100% packet loss and no messages about the failed pings.
I have the feeling the firewall does not know which route to take to get to the server.
Is there a trick if you want to send emails to a local server over IPSEC?
Thanks in advance for your help