Hello guys,
I am having an issue in which the SMB 1400 cannot access hosts (DNS, DHCP, NTP servers) on a remote network via site-to-site VPN. Connections originating from the internal hosts work great.
I have checked the advanced option "Use internal IP address for encrypted connections from local gate", but now connections are started with the SYNC interface IP address instead of an IP in the local encryption domain, so they are dropped before entering the VPN tunnel:
;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=1 10.231.149.2:2048 -> 172.16.1.2:29833 dropped by vpn_encrypt_chain Reason: No error;
How can I make this work correctly?
The question is hard as very little information is given:
- I would assume that this 1400 is locally managed (although it is an expensive 1400), as the Advanced Setting mentioned is only available when locally managed
- Is "Disable NAT for this Site" enabled in the VPN Site definition?
- How are the Encryption Domains defined?
- What is the error when the SMB 1400 cannot access hosts, and where is the packet dropped?
- Which GW is the VPN peer, and what do the logs show there?