RUTX50 - IPSec tunnel no communication on port 80 to device on LAN

Hello,

I have a RUTX50 with IPSec VPN connection to a Sophos XG firewall.
Remote LAN: XXX.19.250.2/29
RUTX50 LAN: XXX.19.254.22/29
All rules are set up and I have access to port 80 on RUTX50 (XXX.19.254.17/29)
I have set a Hikvision camera on the RUTX50 LAN and the camera gets an IP address (XXX.19.254.22/29). I can ping the camera.
If I plug a PC into a LAN port on the RUTX50 and get an IP address (XXX.19.254.21) then I can access the camera on port 80.
I cannot access the camera on port 80 from the remote site (XXX.19.250.2/29)
How can I open to all traffic through the IPSec tunnel?

Kind regards

Hello,

With IPSec, all traffic should be allowed by default, unless you specified the protocols and the port number selectors explicitly in advanced IPSec settings. So the issue may be somewhere else.

What firmware version are you on?

Did you make any changes to the firewall configurations? If so, could you please share those?

If you are using a mobile connection, could you try lowering the MTU manually in Network → Interfaces → mob1s1a1 → Advanced settings? Values to try are 1460, 1360, 1260.

Kind Regards,

Hello,

I’m on firmware RUTX_R_00.07.04.5.

Lowering MTU doesn’t seem to help.

No changes in firewall configuration but activated Masquerading for lan → wan (Network - Firewall - General Settings - Zones) which seems to help. I can now access port 80. When I deactivate Masquerading for lan → wan I cannot access port 80.

Kind regards

Hello,

When you enable masquerading on LAN => WAN zone, the source IP of the packets received from WAN (and IPSec) towards LAN is rewritten to the LAN IP of RUTX50. Likely, the issue is that the camera does not have a default gateway configured towards RUTX50. So if the masquerading is disabled, the camera receives a packet from the Sophos XG network and does not know where to route those packets.

Kind Regards,
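
The routing decision described in the reply above, modelled as an added example that is not part of the original thread. The masked `XXX` octet is replaced with `10` as a constructed placeholder, and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses: the thread's masked "XXX" octet is replaced with 10.
CAMERA_IF = "10.19.254.22/29"   # camera address and prefix on the RUTX50 LAN
ROUTER_LAN = "10.19.254.17"     # RUTX50 LAN address
LOCAL_PC = "10.19.254.21"       # PC plugged into a RUTX50 LAN port
REMOTE_PC = "10.19.250.2"       # host behind the Sophos XG, reached over IPsec


def source_seen_by_host(peer_src, router_lan_ip, masquerade):
    """Source address a LAN host sees on a packet forwarded from the tunnel.

    With masquerading on, the router rewrites the source to its own LAN IP,
    as described in the reply; otherwise the original source is preserved.
    """
    return router_lan_ip if masquerade else peer_src


def reply_path(host_if, default_gw, packet_src):
    """How a LAN host would send its reply to packet_src.

    host_if    -- the host's address with prefix length
    default_gw -- the host's configured default gateway, or None if unset
    """
    iface = ipaddress.ip_interface(host_if)
    src = ipaddress.ip_address(packet_src)
    if src in iface.network:
        return "on-link"            # same subnet: reply delivered directly
    if default_gw is None:
        return "unroutable"         # off-subnet and no gateway: reply dropped
    gw = ipaddress.ip_address(default_gw)
    if gw not in iface.network:
        return "unroutable"         # gateway itself is not reachable on-link
    return f"via {gw}"              # off-subnet: reply handed to the gateway


if __name__ == "__main__":
    for gw in (None, ROUTER_LAN):
        for masq in (False, True):
            seen = source_seen_by_host(REMOTE_PC, ROUTER_LAN, masq)
            print(f"gateway={gw} masquerade={masq}: camera sees {seen}, "
                  f"reply {reply_path(CAMERA_IF, gw, seen)}")
```

With masquerading left on, the camera sees every remote session as coming from the router's LAN address, so its own access log no longer records the real client; a default gateway on the camera preserves the original source.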
