Sophos XG v18 - How to extend VoIP subnet to a branch

Hi everybody. I need some help with the following subject.

 Recently my company migrated from an old PF-Sense firewall to a Sophos XG 230 v18.0.3.

 Headquarters’ network has the following configuration:

 - 2 ISP suppliers, connected to ports 2 and 3 for WAN Network

 - LAN IP is 192.168.1.1/24 connected to port 1

 From the original installation inherited from the PF-Sense FW, we have the 192.168.20.1/24 subnet for VoIP, connected to Avaya HW/SW. Cisco 3 Layer switches are used for managing both networks.

 Therefore, I created a LAN IP Alias in port 1 for the 192.168.20.1/24 network and everything is working smoothly.

 We also have a branch office with a Sophos XG 106, with LAN address 192.168.0.1/24.

The BO is connected to HQ via IPSec VPN, with no problems.

 I need to extend the HQ VoIP subnet 192.168.20.xxx to the BO in order to install VoIP phones in the IP range 192.168.20.201 to 192.168.20.220, and I don’t know how to do this.

 Any advice will be highly appreciated. VLANs, routing, VPN, ???

 Following is a diagram of our network.



This thread was automatically locked due to age.
  • Hello Juan,

    Thank you for contacting the Sophos Community!

    This would be a good question for your Sales Engineer. 

    However, for this to work, I think you might need to NAT traffic in the IPsec so the phones on 192.168.20. can reach out to the Avaya VoIP!

    Take a look at this KB

    Regards,

  • Hello Emmanuel,

     Thank you for your advice. However, I could not reach what I need using NATed IPs in the overlapping subnets.

     Therefore, I discarded the IPsec VPN and implemented a RED tunnel between the 2 firewalls.

    I will test the VoIP connection in the field today.

     Regards
