This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One subnet can't access another subnet

Hi.

I'm obviously doing something wrong and it's driving me mad

Sophos UTM. 3 NICs. 1 is the external (internet) NIC

2 is 192.168.0.1/24

3 is 192.168.2.1/24 off of this is a Ubiquiti Dream Machine Pro (UDM) which has 192.168.1.1/24 coming out, with cameras and WiFi clients

I can access the UDM via domain name and configure it and view cameras

But I canNOT access the UDM by IP address - 192.168.1.1

I have set a F/W rule: My machine IP as a Host -> Any IP4 -> 192.168.1.1/24 Network (Allow), and log access, and I can see it allowing it through, but the browser times out and never connects. But even without the F/W I CAN connect using the domain name

Any clues?

This thread was automatically locked due to age.

Parents

0 PhilippRusch over 3 years ago

Hello Mike,

what is the tesult of nslookup (Domainname of UDM)?

When connecting the UDM to interface three it had to have a 192.168.2.x sddress.Otherwise you are doing some magic here...

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to PhilippRusch

Yes the UDM interface/network connected to Sophos is .2.1. Coming OUT of the UDM is .1.1 (it is THIS network I want to talk to).
Cancel
Vote Up 0 Vote Down

Cancel
0 PhilippRusch over 3 years ago in reply to Mike Huggins

Hello Mike,

you said 192.168.2.1 is the IP of the UTM to the 192.168.2.0/24 network.

If that is the case, your above setting in the UTM screenshot is wrong.

What is the IP of the UDM in the 192.168.2.0/24 network?

This has to be the Gateway in the UTM-routing table.

Isn't there a "Default gateway" setting at the UDM box? Sometimes called "gateway of last resort"?

If not, I would set the route from "Purple to green" to 0.0.0.0/0 for the destination network.

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to PhilippRusch

Hmmmm... yes I think I can where you're coming from... sort of!

Sophos is on 192.168.2.1

The UDM is on 192.168.2.10

I presumed I wouldn't need to tell the UDM it's own gateway would need to be used. I thought it would just know??
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to PhilippRusch

If I set 0.0.0.0/24 on the UDM as the Destination Network then I get "There was an error saving the static routes changes. Invalid payload."
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to Mike Huggins

Sorry 0.0.0.0/0
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to PhilippRusch

The gateway to Sophos, on the UDM, is set via DHCP (from Sophos), but it seems to stick at 192.168.2.10
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to Mike Huggins

UTM / UDM confusing! Okay I have set the UTM as above

That obviously makes sense!

But...I still cannot connect to the UDM on 192.168.1.1 via IP address
Cancel
Vote Up 0 Vote Down

Cancel
0 PhilippRusch over 3 years ago in reply to Mike Huggins

Pls do an nslookup of the name and tell us the ip, as said before.

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to PhilippRusch

That *is* strange! 192.168.0.1 is the UTM address

It is NOT in my LMHOSTS file, but resolves by domain name to the U*D*M
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago in reply to Mike Huggins

Hmm, Mike - it seems like the route that Philipp led you to should work. What do you learn from doing #1 in Rulz (last updated 2020-11-12)?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Huggins over 3 years ago in reply to BAlfson

Thank you everyone. That does indeed work

I wasn't understanding the Ubiquiti UDM and had to also open "WAN Local" to traffic coming though the Sophos UTM, that then immediately allowed me to see the UDM network (192.168.1.1) coming through the 192.168.2.1 network (Purple Network) on Sophos, from my 192.168.0.1 Green Network

Brilliant!
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Mike Huggins over 3 years ago in reply to BAlfson

Thank you everyone. That does indeed work

I wasn't understanding the Ubiquiti UDM and had to also open "WAN Local" to traffic coming though the Sophos UTM, that then immediately allowed me to see the UDM network (192.168.1.1) coming through the 192.168.2.1 network (Purple Network) on Sophos, from my 192.168.0.1 Green Network

Brilliant!
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data