Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 486 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG needs to access DC on other side of rbvpn tunnel

Tomas Tyser1

Hi, 

When trying to ping DC behind the rbvpn from XG, the traffic is routed to WAN interface. Was looking into this https://support.sophos.com/support/s/article/KB-000035830?language=en_US

How does this works with rbvpn when there are two tunnels? Should I use this command for every tunnel?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    ==> If you've set up a Route-based VPN with an SD-WAN policy route then you need to ensure that system-generate-traffic for SD-WAN policy is enabled.

    console> show routing sd-wan-policy-route system-generate-traffic

    To enable it: console> set routing sd-wan-policy-route system-generate-traffic enable

    You need to add a static route to remote DC with xfrm interface and gateway as remote xfrm interface IP.

    Destination IP / Netmask: DC_IP/32
    Gateway: Remote xfrm interface IP
    Interface: local xfrm interface

    ==> If you've setup static routes then ensure to set static route precedence to high

    console> system route_precedence set static vpn sdwan_policyroute

    console> system route_precedence show
    1. Static routes
    2. VPN routes
    3. SD-WAN policy routes

    No additional changes will be required.

    https://support.sophos.com/support/s/article/KB-000035830 article is for IPsec policy-based VPN.

  • 0 in reply to FormerMember

    hi Yash, thank you for the info!

Reply Children
No Data