Site to Site VPN and Static routing

Hello Nikolaos Zisis,

Yes it is possible, all you would need to do is add the route of network 172.32.20.10 in the IPsec connection between VPN branch and Head Office location. As for the cloud server side make sure the network for BO is also added. On the HO, both network i.e. VPN to VPN rule is to be created with no NAT applied.

Hello Nikolaos Zisis,

Yes it is possible, all you would need to do is add the route of network 172.32.20.10 in the IPsec connection between VPN branch and Head Office location. As for the cloud server side make sure the network for BO is also added. On the HO, both network i.e. VPN to VPN rule is to be created with no NAT applied.

So at the Branch office Cyberoam I have to create a static route saying that if you want to find 172.32.20.10 go through the interface of the Headquarters Cyberoam. At the Sophos firewall of the ISP I have to create a static route saying that if you want to find Branch office network go through the headquarters interface. But I don't understand the VPN to VPN rule that you are saying can you please explain?

Thank you

Hello Nikolaos Zisis 

I have a question here , why static route? As per diagram you have connected via IPsec VPN site-site connection. 

Let me share my side of the configuration as per your diagram using IPsec tunnel. 

3 Sites 

Branch Office.  Tunnel Between BO and HO

Local Network -> 192.168.10.0/24 

Remote Network ->192.168.100.0/24; 172.32.20.10/32

Rules-> LAN to VPN and VPN to LAN.

Headquarters Tunnel between HO and ISP

Local Network > 192.168.10.0/24; 192.168.100.0/24

Remote network ->172.32.20.10

Rules -> LAN to VPN, VPN to LAN and VPN to VPN (No Nat)

ISP Tunnel between ISP and HO

Local Network -> 172.32.20.10

Remote network -> 192.168.100.0/24 192.168.10.0/24