
utm to utm RED no longer working after rebuild

Hi all,

I have three personal UTMs that have been doing red tunnels for a couple of years, no issues.  All devices are behind NAT, and two of the devices are servers and the 3rd connects to each one as a client (the two "servers" do not communicate).

I rebuilt the one at my home with v17 XG and (eventually) got it to play nice with the client UTM.

The other server device stopped working recently after my mother-in-law moved (not a device issue as much as pebkac I think).  So I brought it home and figured I'd go ahead and also rebuild it with XG while I was at it (planning to rebuild the client device later this year).

No matter what I did post-rebuild, although the red tunnel would immediately connect and go green, I could not ping the red interfaces from one another.  Tried a number of things including another rebuild now that v18 XG is out but no dice.

Finally gave up and decided to revert to UTM, but I now get the same behavior there as well - RED tunnel goes green right away but interfaces cannot ping each other.  If I delete the port 3400 port forward pointing to the problem device and point 3400 back to my other server device things work just fine.

Can't for the life of me figure it out, unless there's some kind of weird incompatibility between the zotac hardware in the problem server box and my google fiber internet (mtu or something)?

Thanks!

  • In your first post, you said, "If I delete the port 3400 port forward pointing to the problem device and point 3400 back to my other server device things work just fine."  Maybe we should look at the Edit of that NAT rule...  Also, I get lost on what's where, what works, what doesn't and what "doesn't work" means.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sure, sorry for the confusion.

    Basically, since I am doing this work at home and have two devices here currently (my normal one I use at home and the problem one), and I have a typical residential ISP, I can only have one device in use at a time with a basic NAT rule that passes port 3400 straight through.

    So when I have the NAT rule point to my own normal home device now running XG, things work just fine (just as they did previously when it was running SG).

    When I point the NAT rule to the problem device, the tunnel connects just fine but the red interfaces won't ping.