Site to Site IPSecVPN access to http / https only working from B to A but not from A to B
MartinStu
Dear Community
Setup: Site A TZ370 fixed IP address, Site B TZ370 dynamic IP address, IPSecVPN (aggressive mode) between site A and B
Ping, RDP, file transfer work both ways between site A and B
HTTP or HTTPS access to devices on site A from site B is working, but I cannot access devices on site B from site A.
I was so far unable to solve the problem.
Any help / advice will be greatly appreciated.
Thank you.
Category: Mid Range Firewalls
Answers
Hi @MartinStu
Have you run a packet capture on both firewalls at the same time? If not, please start troubleshooting with this, as it should give some information on what's going on.
Hi Tonya
Thank you for your input. I appreciate it. No, I haven't, simply because I have no access to the TZ370 at site B. I cannot open the GUI from site A (that's the problem I wrote about) and all the computers for RDP are currently down. But I will have someone take care of it and then I should be able to do that. If I cannot figure it out myself I will post the captured packages.
Management access over the VPN will need to be enabled for access to the Firewall UI; at least with that you have a fighting chance of debugging the "other" side.
Markd, thank you for your input, but I have enabled Management via VPN, see attachment.
Why "apply NAT policies"? That seems like an obvious candidate for access working in one direction but not the other.
Even if site B has a dynamic IP you could still enable management on the WAN interface [restricted to site A's public IP] so you can manage the firewall.