Sophos Firewall

Discussions Is IPSec site to site VPN possible when you connect a router behind the firewall?

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 27 subscribers
Views 4765 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is IPSec site to site VPN possible when you connect a router behind the firewall?

ZadokXerxes over 7 years ago

On this particular branch, IP addresses are leased by the router. I want to make SOPHOS XG the EDGE device without removing the router.

The IP address of the SOPHOS box obviously is on a different subnet.

My tunnels are up, but I can not PING.

My XG device is 192.168.4.1

The LAN is 192.168.1.0

Is IPSec site to site VPN feasible? If so, what do I need to change in my Firewall rules to enable traffic?

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 7 years ago

Hi,

You already open an quite similar thread to this?

https://community.sophos.com/products/xg-firewall/f/network-and-routing/105315/ip-sec-tunnels-ends-of-the-tunnel-cannot-ping-each-other/384496#384496

So the tunnel is Up?

But you cannot ping what?

And how did you create the tunnel?

XG uses NAT-T per default, so this should be possible.
Cancel
Vote Up 0 Vote Down

Cancel
0 ZadokXerxes over 7 years ago in reply to LuCar Toni

I know.

But what's different this time is that there is a router behind the firewall. And I specified this in my question.

It seems similar, but the router makes the difference.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 7 years ago in reply to ZadokXerxes

Still unclear - you have a tunnel already build?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 7 years ago in reply to ZadokXerxes

So, is the IPsec tunnel between an external device and the router behind the XG? Or, is the XG the tunnel endpoint and you want the other site to be able to reach the subnet behind the router?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 7 years ago in reply to ZadokXerxes

So, is the IPsec tunnel between an external device and the router behind the XG? Or, is the XG the tunnel endpoint and you want the other site to be able to reach the subnet behind the router?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data