
RED15 --> XG --> XG | Correct Routing

Hello everyone,

I have a small problem with routing from a mini remote site to a second site.

When I try to reach a server in the 192.168.3.0 network from a client behind the RED15, it is routed incorrectly, because in the tracert the packets go out via the fritz.box.

When I ping the interface 192.168.4.2 from the RED client, I get a reply.

Could this still be caused by a FW rule? (However, I see no drops on either XG105.)

Setup:

RED15:

Standard/Split

GW: 192.168.2.254

DHCP: 192.168.2.100-200

Split networks:

192.168.1.0/24

192.168.3.0/24

192.168.4.0/24

XG105-1 (the one with the RED15 connection)

LAN1: Zone LAN | 192.168.1.0/24 with DHCP 100-200

LAN2: WAN DHCP

reds1: Zone LAN | RED15

reds2: Zone LAN | 192.168.4.1 (server role)

Routing:

IPv4-Unicast

192.168.3.0/24 | GW 192.168.4.2 | reds2

192.168.5.0/24 | GW 192.168.4.2 | reds2

XG105-2

LAN1: Zone LAN | 192.168.3.0/24 with DHCP 100-200

LAN2: WAN DHCP

reds1: Zone LAN | 192.168.4.2 (client role)

Routing:

192.168.1.0/24 | GW 192.168.4.1 | reds1

192.168.2.0/24 | GW 192.168.4.1 | reds1

192.168.5.0/24 | GW 10.200.0.2 | Port3

Regards



  • Hello n33dfull,

    Thank you for contacting the Sophos Community!

    If you do a TCPdump on the XG105 Interface 192.168.3.X, do you see the Ping from a client on 192.168.2 arrive there?

    If the traffic is going out the Fritz.box, confirm that the local network of your customer is not in the same subnets as the split network; otherwise, this will cause routing issues.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Do you have LAN to LAN Firewall rules? 

    That would be needed for this traffic. 

    You can log in to each appliance and follow the traffic. As far as I understand, your routing configuration looks fine.

    So there should be a firewall rule missing or something else. 

    Follow the stream. 


  • Hi LuCar Toni,

    Yes, I have LAN to LAN firewall rules, two on each site, one for incoming and one for outgoing.

    Both XGs obtain DHCP in a ..178.xx network on two different sites. I don't think that this is a problem, because XG to XG communication works.

    I can see this on XG105-2 (.3.X) but can't reach the 192.168.3.0 network.

    RED15:

    WAN DHCP is in a 172.17.10.0/24 Subnet

    XG105-1

    LAN 192.168.2.0/24 --> LAN 192.168.3.0/24 | Any Service

    LAN 192.168.3.0/24 --> LAN 192.168.2.0/24 | Any Service

    (WAN DHCP: 192.168.178.0/24)

    XG105-2

    LAN 192.168.3.0/24 --> LAN 192.168.2.0/24 | Any Service

    LAN 192.168.2.0/24 --> LAN 192.168.3.0/24 | Any Service

    (WAN DHCP: 192.168.178.0/24)

    Fun fact: 

    I can ping 192.168.3.1 (not GW of XG105-2) and not the GW of XG105-2, 192.168.3.254.

    Is it a limit for the RED that in Standard/Split I can only reach local subnets?


    Regards.

  • Hi Emmanuel,

    I couldn't see any incoming packages on the XG105-1 site, but I added the two firewall rules below. I don't use NAT, so I don't think that I have to add the transfer network.

    Also ask if there's a limit in routing on the XG15: is it supported to route a network in Standard/Split?

    Regards

  • Hi LuCar,

    Is this normal behavior?

    Regards

  • Hello everyone,

    thanks to everyone.

    The problem was a German letter in the description of the network.

    After recreating the Network everything was fine.

    Regards
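
The routing tables posted in this thread can be checked offline by walking a packet hop by hop with longest-prefix matching. The following is an added example, not code from any poster or from Sophos; the `next_hop` and `trace` helpers, the device names used as keys, and the RED15 default route to the fritz.box (modelling Standard/Split) are assumptions.

```python
import ipaddress

# Constructed from the tables posted in the thread; "local" = directly attached.
# Assumption: in Standard/Split the RED15 tunnels only the split networks and
# sends everything else to its local gateway (the fritz.box).
TABLES = {
    "RED15": {
        "192.168.2.0/24": "local",
        "192.168.1.0/24": "XG105-1",
        "192.168.3.0/24": "XG105-1",
        "192.168.4.0/24": "XG105-1",
        "0.0.0.0/0": "fritz.box",
    },
    "XG105-1": {
        "192.168.1.0/24": "local",      # LAN1
        "192.168.2.0/24": "local",      # reds1 (RED15 LAN)
        "192.168.4.0/24": "local",      # reds2 transfer network
        "192.168.3.0/24": "XG105-2",    # GW 192.168.4.2 via reds2
        "192.168.5.0/24": "XG105-2",    # GW 192.168.4.2 via reds2
        "0.0.0.0/0": "WAN",
    },
    "XG105-2": {
        "192.168.3.0/24": "local",      # LAN1
        "192.168.4.0/24": "local",      # reds1 transfer network
        "192.168.1.0/24": "XG105-1",    # GW 192.168.4.1 via reds1
        "192.168.2.0/24": "XG105-1",    # GW 192.168.4.1 via reds1
        "192.168.5.0/24": "Port3",      # GW 10.200.0.2
        "0.0.0.0/0": "WAN",
    },
}

def next_hop(table, dst):
    """Longest-prefix match of dst against one device's routes."""
    addr = ipaddress.ip_address(dst)
    best = max((n for n in map(ipaddress.ip_network, table) if addr in n), key=lambda n: n.prefixlen)
    return table[str(best)]

def trace(start, dst, tables=TABLES, max_hops=8):
    """Return the devices a packet visits, ending in 'delivered' or an exit."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "local":
            return path + ["delivered"]
        path.append(hop)
        if hop not in tables:           # left the modelled network
            return path
        node = hop
    return path + ["loop"]
```

With the tables as posted, `trace("RED15", "192.168.3.10")` ends at XG105-2 and the return path from XG105-2 to 192.168.2.100 ends at XG105-1. Removing the 192.168.3.0/24 split entry from the RED15 table makes the same call end at the fritz.box, which is the path the tracert in the first post showed.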