IPsec tunnel with Sophos Firewall

Hi,

I have an issue with an IPsec tunnel with Sophos.

Both sides are established. But the issue is that the traffic doesn’t seem to be able to reach the remote subnet.

Remote subnet traffic can reach our subnet, but ours cannot reach their subnet.

Any idea what could have caused this?

Firewall filter on either end, or wrong srcnat on yours, are the most likely candidates. Filters are obvious. And for srcnat, you must make sure that it doesn’t apply to traffic from your subnet to theirs, because it would no longer match the policy and wouldn’t go into the tunnel.

I have checked the logs on both firewalls. No filter, actually.

The traffic won’t even reach the remote firewall. The route stops at the MK.
And I have put a rule in the MK firewall for the srcnat from ours to theirs so it won’t affect the traffic, but the result is still the same.

It should not be an issue with the IPsec setup, right? The state shows established and the remote site is able to reach our subnet; it is just ours that is not able to reach theirs.

Can’t even ping from MK to the remote subnet. Any idea what else could be the issue?

If I had a crystal ball, I’d use it to look up tomorrow’s lottery numbers, not someone’s config. :wink: You need to post something useful; an export of “/ip firewall” is something that could help.

Hi,

Thanks a lot for the help. Finally fixed the issue.

There is another rule in our srcnat which caused the issue. I just put our rules on top and it works now.

Appreciate the help.
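As an added illustration of the srcnat ordering problem discussed in this thread (example config, not the poster's actual export), here is the broken order beside the corrected one, with the verification commands a MikroTik admin would run. The subnets and WAN interface name are assumed.

```routeros
# Added example, not the poster's configuration. Assumed values:
#   local LAN behind the MikroTik   192.168.10.0/24
#   remote LAN behind the Sophos    192.168.20.0/24
#   WAN interface                   ether1

# BROKEN ORDER: masquerade is evaluated first, so packets for the remote
# LAN leave with the WAN address as source. They no longer match the
# IPsec policy (192.168.10.0/24 -> 192.168.20.0/24), so they are routed
# out in the clear instead of into the tunnel. The bypass rule below it
# is never reached.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade \
    comment="WAN masquerade"
add chain=srcnat src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    action=accept comment="bypass NAT for site-to-site (never reached)"

# FIXED ORDER: the accept rule is placed above masquerade, so tunnel
# traffic keeps its original source address and matches the policy.
/ip firewall nat
add chain=srcnat src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    action=accept comment="bypass NAT for site-to-site" place-before=0
# Alternative matcher that covers every IPsec policy instead of one
# subnet pair: ipsec-policy=out,ipsec action=accept

# If the bypass rule already exists but sits too low, move it to the top
# (rule numbers come from 'print'):
/ip firewall nat print
/ip firewall nat move 1 0

# Checks: while pinging the remote LAN from a local host, the bypass
# rule's packet counter should increase and the policy should show an
# established phase 2 SA.
/ip firewall nat print stats
/ip ipsec policy print
```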