Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 25 replies
  • Subscribers 30 subscribers
  • Views 10696 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG to XG RED VPN With Multiple WAN interfaces

Carlos Cesario

Hi folks,

 

Could someone has ideia if is it possible create a RED VPn between XG devices  using multiple WAN interfaces in Branch and Head office ?

 

 

eg.

H.O WAN 1  ---------------RED TUN 1----------------------------   B.O WAN 1

H.O WAN 1  ---------------RED TUN 2----------------------------   B.O WAN 2

H.O WAN 2  ---------------RED TUN 3----------------------------   B.O WAN 1

H.O WAN 2  ---------------RED TUN 4----------------------------   B.O WAN 2

 

Best regards

 

Carlos



This thread was automatically locked due to age.
Parents
  • 0

    I guess, you cannot perform 4 tunnels, but 2. 

    The point is, XG is using a Random Outbound IP, if not specify via CLI.

    https://community.sophos.com/kb/en-us/122999

    But this command relies on the destination.

    So basically you cannot use it 4 times to bind it properly. 

  • 0 in reply to LuCar Toni

    Hi LuCar Toni,

     

    Thanks by your response.

    Well, I already suspected this, but I would like to confirm :)

    I would be interesting has a option to bind it.

     

    Best regards

    Carlos

  • 0 in reply to Carlos Cesario

    Lets wrap this topic up. 

    I guess, there is no real "reason" to build up 4 tunnels. 

     

     

     

     

    This is the standard scenario.

     

    On AB you would say, Port1 is reachable with Interface A, PortB is reachable with Interface B. 

     

     

     

    In Case of a Port not reachable.

     

    Question is, what is happening with your DNS? Because the Tunnel A-1 Is not there anymore, you could force XG to build up the Tunnel between A-2 with a DNS record.

    But : Would there be a real use case for this? Because you will have a drop in the "Performance" anyway. 

     

  • 0 in reply to LuCar Toni

    Hi LuCar, 

     

    The reason to usage 4 tunnels is because I will usage OSPF to routing across these tunnels, I like Ipsec Bind option in Cyberoam OS.

    With this I have total control about the path/routing/failover.

     

    Currently I have several Cyberoam OS devices using this model with IPSEC, and I´m lokking solution to convert it to Sophos XG.

     

    This is the reason :)

     

    Best regards

     

    Carlos

Reply
  • 0 in reply to LuCar Toni

    Hi LuCar, 

     

    The reason to usage 4 tunnels is because I will usage OSPF to routing across these tunnels, I like Ipsec Bind option in Cyberoam OS.

    With this I have total control about the path/routing/failover.

     

    Currently I have several Cyberoam OS devices using this model with IPSEC, and I´m lokking solution to convert it to Sophos XG.

     

    This is the reason :)

     

    Best regards

     

    Carlos

Children