non Meraki VPN with Sophos - Routing Problem

MCF-McGyver
Comes here often


Meraki Support doesn't answer 😞

 

The remote site is Sophos. According to the event log, the connection is established and the status dot is green, but unfortunately no data can be transferred. A ping also leads to nothing. The receiving station sees that the connection is active, but cannot see any errors. The automatic entry in the routing table designates the public IP as the next hop - this is wrong. The next hop must be the tunnel (device) or the IPsec peer!

alemabrahao
Kind of a big deal

Have you configured the local networks to participate on the VPN?

 


 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
MCF-McGyver
Comes here often

Yes. The local networks have VPN mode enabled.

Can you show your configuration, the routing table, non-Meraki peers and exported subnets?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
MCF-McGyver
Comes here often

The screenshots: nonMerakiVPNPeerexported.jpg, nonMerakiVPNPeerOnline.jpg, nonMerakiVPNPeerPING.jpg, nonMerakiVPNPeer.jpg

Looks good, do you have Sophos access? Did you check if there are any rules in Sophos that could be blocking access?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
MCF-McGyver
Comes here often

nonMerakiVPNPeerRoute.jpg

The next hop is correct, it's how things work on Meraki. Probably there is some incorrect configuration on Sophos.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
MCF-McGyver
Comes here often

No, no access to the Sophos site, but the guy there says "nothing blocked here". He means that the next hop in the Meraki routing table is the public IP - and that's not correct!
