
RED between UTM - routing works, but UTM on both sides can't access the network

Hello guys,

 

I have a problem concerning a RED connection between two UTMs.

The connection is established and works fine. Routing as well.

 

The only problem is, the UTMs can't access the networks on the other side, PING isn't working either.

Devices within these networks are able to access the other networks.

 

Any ideas? I am a bit stuck at the moment and need it to work, because the UTM needs to access the ActiveDirectory Server at the other side of the tunnel which isn't working.

PING tests were made with the UTM tools.

 

Thanks in advance.

 

  • Sorry for the poor description. But as mentioned initially, the routing between the networks is set and works. With my MacBook in Net 1 I can access my Domain Controller in Net 2. That is not the problem. My problem is, and that is what I don't understand, why the UTM from Net 1 can't connect to the Active Directory for user authentication; there is a connection timeout.

  • What, if anything, do you learn from doing #1 in Rulz on both sides?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • On the UTM
    2018:01:22-12:06:46 central aua[28519]: id="3006" severity="info" sys="System" sub="auth" name="Spawned child for authentication test"
    2018:01:22-12:06:46 central aua[28519]: id="3006" severity="info" sys="System" sub="auth" name="Bind test request: adirectory"
    2018:01:22-12:06:49 central aua[28519]: id="3006" severity="info" sys="System" sub="auth" name="Bind test failed. Method: adirectory, error: DENIED
    2018:01:22-12:06:49 central aua[28519]: Connection to ldap://10.20.10.10:389 failed"
     
    On XG with the server nothing. But I can connect to RDP from the UTM network.
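The aua log quoted above is the UTM's own authentication-server test, and its last event is split across two lines (the name="..." value is unterminated on the first line and closed on the second). The following Python is an added example, not code from the thread or from Sophos: it parses lines of that shape, joins the continuation, pulls out failed bind tests with the LDAP host and port they targeted, and describes the allow rule an admin would verify on the remote side (the UTM's tunnel-side interface address reaching the directory server on that port, which is the diagnosis offered later in the thread). The sample log is constructed from the quoted lines; the UTM interface address passed to rule_to_verify is a placeholder, and the assumption that the UTM sources the LDAP connection from that interface is the example's, not the page's.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input, modelled on the aua[] lines quoted in the post above.
# The last event's name="..." value spills onto a second line, as in the original paste.
SAMPLE_LOG = """\
2018:01:22-12:06:46 central aua[28519]: id="3006" severity="info" sys="System" sub="auth" name="Spawned child for authentication test"
2018:01:22-12:06:46 central aua[28519]: id="3006" severity="info" sys="System" sub="auth" name="Bind test request: adirectory"
2018:01:22-12:06:49 central aua[28519]: id="3006" severity="info" sys="System" sub="auth" name="Bind test failed. Method: adirectory, error: DENIED
2018:01:22-12:06:49 central aua[28519]: Connection to ldap://10.20.10.10:389 failed"
"""

# Syslog-style prefix: timestamp, hostname, process[pid]: rest-of-line
PREFIX_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'(?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<rest>.*)$'
)
# key="value" pairs; the closing quote is optional so a value that is cut off at
# end of line (and continued on the next line) still parses
KV_RE = re.compile(r'(\w+)="([^"]*)"?')
LDAP_RE = re.compile(r'ldaps?://(?P<host>[^:/\s"]+):(?P<port>\d+)')


def parse_aua_log(text: str) -> List[Dict[str, str]]:
    """Parse aua log lines into dicts, joining continuation lines onto the previous event."""
    events: List[Dict[str, str]] = []
    open_value = False  # True while the previous event's last value is unterminated
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue  # not an aua-style line; skip rather than guess
        rest = m.group('rest')
        if open_value and events and not rest.startswith('id='):
            # continuation of the previous event's name="..." value
            events[-1]['name'] += ' ' + rest.rstrip('"')
            open_value = not rest.endswith('"')
            continue
        ev = {'ts': m.group('ts'), 'host': m.group('host'),
              'proc': m.group('proc'), 'pid': m.group('pid')}
        ev.update(KV_RE.findall(rest))
        events.append(ev)
        open_value = not rest.endswith('"')
    return events


def failed_binds(events: List[Dict[str, str]]) -> List[Dict[str, Optional[object]]]:
    """Pick out failed authentication-server bind tests and the LDAP endpoint they targeted."""
    out: List[Dict[str, Optional[object]]] = []
    for ev in events:
        name = ev.get('name', '')
        if ev.get('sub') != 'auth' or not name.startswith('Bind test failed'):
            continue
        method = re.search(r'Method: (\w+)', name)
        error = re.search(r'error: (\w+)', name)
        ldap = LDAP_RE.search(name)
        out.append({
            'ts': ev['ts'],
            'method': method.group(1) if method else None,
            'error': error.group(1) if error else None,
            'server': ldap.group('host') if ldap else None,
            'port': int(ldap.group('port')) if ldap else None,
        })
    return out


def rule_to_verify(failure: Dict[str, Optional[object]], utm_tunnel_ip: str) -> Dict[str, Optional[object]]:
    """Describe the allow rule whose absence would explain the failure.

    Assumption (this example's, not the thread's): the UTM sources the LDAP
    connection from its tunnel-side interface, so the remote firewall must allow
    that address to the directory server's LDAP port.
    """
    return {
        'source': utm_tunnel_ip,
        'destination': failure['server'],
        'protocol': 'tcp',
        'port': failure['port'],
        'action': 'allow',
    }


if __name__ == '__main__':
    for f in failed_binds(parse_aua_log(SAMPLE_LOG)):
        # placeholder for the UTM's RED/tunnel interface address
        print(f, rule_to_verify(f, 'UTM_TUNNEL_INTERFACE_IP_PLACEHOLDER'))
```

Feeding it a longer aua log excerpt (several bind tests against more than one server) gives one entry per failure, which is a quick way to see whether every failure points at the same host and port before comparing that against the remote firewall log.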
  • Hey open.

    I still think your RED interfaces have a different IP than what you are telling us. Some screenshots of your interfaces and static routing would really be helpful.

    Bob, what I'm seeing is that his site-to-site communication is working, although I cannot for the life of me understand how if what he's saying is correct and his RED interfaces are in the same subnet as his LAN interfaces. What he needs is for his UTM to communicate with remote servers. Every time I had such a need it came down to allowing RED's interface IP address into the remote network by adding it to the firewall rules. But open claims his RED interfaces have IPs in the same network as his internal network and that those are covered by his current firewall rules. I truly cannot understand how this would be possible. Maybe you can have better luck figuring this out.

    Regards,

    Giovani

  • It sounds like you will need to have Sophos Support take a look at this. Please let us know what they discover and the fix.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob,

    I think that too...

     

    And I am going to hate XG. Since this morning I can't access the XG from the UTM, but the UTM from the XG. There was no change to any setting at any appliance. In the meantime I have connected a third UTM appliance via RED, which can be accessed from and to any network.