Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Site to Site IPSecVPN access to http / https only working from B to A but not from A to B

MartinStuMartinStu Newbie ✭
edited November 2023 in Mid Range Firewalls

Dear Community

Setup: Site A TZ370 fix IP address, Site B TZ370 dynamic IP address , IPSecVPN (agressive mode) between site A and B

Ping, RDP, file transfer work both ways between site A and B

http or https access to devices on site A from site B is working but I can not access devices on site B from site A.

I was so far unable to solve the problem.

Any help / advice will be greatly appreciated.

Thank you.

Category: Mid Range Firewalls


  • Options
    TonyATonyA SonicWall Employee

    Hi @MartinStu

    Have you ran a packet capture on both firewalls at the same time? If not, please start troubleshooting with this as it should give some information on whats going on.

  • Options

    Hi Tonya

    Thank you for your input. I appreciate it. No I haven't, simply because I have no access to the TZ370 at site B. I can not open the GUI from site A (that's the problem I wrote about) and all the computers for RDP arecurrently down. But I will have someone take care of it and then I should be able to do that. If I can not figure it out myself I will post the the captured packages.

  • Options
    MarkDMarkD Cybersecurity Overlord ✭✭✭

    Management access over the VPN will need to be enabled for access to the Firewall UI, at least with that you have a fighting chance of debugging the "other" side

  • Options

    Markd, thank you for your input, but I have enabled Managment via VPN see attachment

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    edited November 2023

    Why "apply NAT policies"? That seems like an obvious candidate for access working in one direction but not the other.

    Even if site B has a dynamic IP you could still enable management on the WAN interface [restricted to site A's public IP] so you can manage the firewall.

Sign In or Register to comment.