ich habe eine IPsec Verbindung zwischen einer XG86 und einer SG210 erfolgreich aufgebaut. Ich habe in der XG die Firewall Regeln laut Anleitung angelegt. Die Regeln in der SG habe ich automatisch anlegen lassen.
Leider gehen keinerlei Daten durch den Tunnel.
Hi Jan-Niklas Keese,
Could you please share screenshot of your firewall rules for the VPN?
If tunnel has been established, I think it would be the firewall rule issue or static route is sending all the traffic through WAN interface.
Community Support Engineer, Support & Services | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
here are the FW rules:
I took a look at the Routing's, there is no static root.
Hi Jan-Niklas Keese Could you please try to remove the source and destination network from LAN to VPN and VPN to LAN firewall rule and verify?You may also use packet capture utility to capture traffic coming from the VPN tunnel = https://community.sophos.com/kb/en-us/130140
KeyurCommunity Support Engineer | Sophos Support Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts | If a post solves your question use the 'This helped me' link
sorry don't understand. What should I put in? Any?
Hi Jan-Niklas Keese Please put ANY for the testing purpose to if the traffic is getting through or not.
I did, but didnt changed anything. Looks like this now:
Hi Jan-Niklas Keese Could you please try the packet capture utility, I have shared in the previous response.
i did allready:
FYI the xg is behind a fritzbox without any portforwoarding.
I dont have access to the box, this why i initiated the connection from the xg
Hi Jan-Niklas Keese The RDP traffic is forwarding to rule ID 5, could you please confirm what is the rule ID 5. You can also capture the packet at the SG end or initiate the traffic from XG and try to capture packet on the IP from where the traffic behind SG has been initiated.
i dont see the package incoming in the SG. The Rule ID 5 is the outgoing rule for VPN.
I think its a routing problem. Because the XG Show in log "Out Interface" Port 2 which is the WAN interface, shouldnt it a vpn interface?
Hi Jan-Niklas Keese In one of your previous comment you have informed us that you have initiated the connection of remote IPsec LAN from XG.Remote VPN network you can not test from XG without manual IPSec route. ( As route must needed then only XG initiated traffic will be submitted to ipsec).You may generate a PING from any machine which is part of LAN network ( which is define inside the tunnel ) and check the tcpdump which you have captured on UI, for traffic which is generate from LAN machine you will be able to see out interface ipsec0 and LAN to VPN rule id if the rule settings fine.
Regards,Vishal RanpariyaTechnical Account Manager | Sophos Technical SupportSophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts | If a post solves your question use the 'This helped me' link.