
No data through IPsec tunnel

Hello,

I have successfully established an IPsec connection between an XG86 and an SG210. I created the firewall rules on the XG according to the guide. I had the rules on the SG created automatically.

Unfortunately, no data at all passes through the tunnel.



  • Hi,

     

    I already did:

    Ethernet header
    Source MAC address:c8:1f:66:b6:28:e8
    Destination MAC address: 7c:5a:1c:d4:d3:1c
    Ethernet type IPv4 (0x800)
     
    IPv4 Header
    Source IP address:192.168.208.3
    Destination IP address:192.168.201.8
    Protocol: TCP
    Header:20 Bytes
    Type of service: 0
    Total length: 52 Bytes
    Identification:42798
    Fragment offset:16384
    Time to live: 127
    Checksum: 14904
     
    TCP Header:
    Source port: 52300
    Destination port: 3389
    Flags: SYN
    Sequence number: 1607317669
    Acknowledgement number: 0
    Window: 64240
    Checksum: 26565

     

  • FYI, the XG is behind a Fritzbox without any port forwarding.

    I don't have access to the box; this is why I initiated the connection from the XG.

  • Hi  

    The RDP traffic is being forwarded to rule ID 5; could you please confirm what rule ID 5 is? You can also capture the packet at the SG end, or initiate the traffic from the XG and try to capture packets on the IP from which the traffic behind the SG was initiated.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hi,

     

    I don't see the packet incoming on the SG. Rule ID 5 is the outgoing rule for VPN.

    I think it's a routing problem, because the XG shows "Out Interface" Port 2 in the log, which is the WAN interface. Shouldn't it be a VPN interface?

  • Hi  

    In one of your previous comments you informed us that you initiated the connection to the remote IPsec LAN from the XG.

    You cannot test the remote VPN network from the XG without a manual IPsec route (a route is needed; only then will XG-initiated traffic be submitted to IPsec).

    You may generate a ping from any machine that is part of the LAN network (which is defined inside the tunnel) and check the tcpdump that you captured in the UI. For traffic generated from a LAN machine you will be able to see the out interface ipsec0 and the LAN-to-VPN rule ID if the rule settings are fine.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
