
How to publish host from remote ipsec tunnel?

Hi everyone,

I'll describe what I want to do: I've got two sites, connected by an IPsec tunnel, and both ends have an XG. The main side has a single static IP address (used by the ISP router, which is configured to forward everything to the Sophos). The remote side is on a connection NATted by the ISP itself, so I cannot do any port forwarding. Anyway, the IPsec tunnel works well. On the remote site I've got a couple of security cams, managed by an NVR, and I can manage it by using its local remote IP. I would like to expose it so it is publicly reachable through the IPsec tunnel... is it possible? I've tried with a full-NAT rule but without luck.

If it could help, I can post a diagram of all of this, let me know (and sorry for my bad English :) )

 

Regards
Fabio 



  • Can I create the two REDs while IPsec is running, or is it better to stop it first, delete the FW rules, and after all that create the REDs?

    Another thing: on both sites I've got two WANs; can I force RED to create the connection using a specific WAN?

  • I've followed the guide but I'm not sure about the result. The tunnel between the two REDs has been created; from the server I see the IP address of the uplink is the one of the other WAN (primary WAN) that I want to use. But other than that there is something strange: when I start to ping each gateway from the other side, there are a lot of request timeouts (in pings from server to client side) and a lot of destination host unreachable (from client to server side), and the drops seem to be in sync... any idea? Could the multi-WAN on each side be causing this effect? I've tried disabling the compression setting but nothing changes.

  • You need routing.

    Did you already create some static routes? 

    Additionally you need matching firewall rules. 

     

    IPsec (VPN) could be higher in the routing.

    https://community.sophos.com/kb/en-us/123610

  • I've followed the guide, first disabling the VPN rules on both sides.

    The tutorial was easy, but the RED tunnel is unstable: it disconnects and reconnects every minute, so I think I'll disable it and return to IPsec (I've tried to search for the reason RED is unstable but found nothing helpful).

    So, any suggestions on port forwarding through IPsec? :)

     

    Fabio

  • This is, as mentioned before, a little bit difficult to achieve. https://community.sophos.com/kb/en-us/123336

    NAT Policies (Firewall - Business Policies) do not work with an IPsec tunnel in V17.5. This will be changed in V18, but for now, I would suggest resolving the RED issue.

    Because I have multiple RED tunnels running without any issue.