How to create IPSec Tunnel from BO having two Gateways

Hi,

Can anyone provide me with a proper article that can help me create an IPsec tunnel from a branch office that has 2 gateways? The head office has only one gateway.

Thanks.



This thread was automatically locked due to age.
  • FormerMember:

    Hi,

    Thank you for reaching out to the Community! 

    Check out the following KBA for more info: 

    Thanks,

  • Thank you for the reply. I actually have 2 gateways in the branch office and 1 gateway in the head office, and I have created two tunnels on the branch office firewall with the same target IP of the head office. If this is the correct configuration for my scenario, then the only problem I have is that sometimes the primary gateway is up in the branch office but the tunnel does not get connected due to some unknown reason; then I have to try the 2nd gateway manually, and vice versa. Now, if I select 'Ping' or 'TCP' as the failover condition, the firewall will not switch the gateway until it goes down completely. Is there any solution to this?

    Thanks.

  • FormerMember, in reply to CreateShare:

    Hi,

    Thank you for the update. 

    You would have to configure two IPsec tunnels on both firewalls and then configure the failover group and failover condition. For the IPsec failover group to work correctly, both tunnels need to connect without any issue.

    Once you configure the failover group and define the failover conditions, the firewall will check the peer gateway status. If it does not get a response, it will declare the peer gateway dead and fail over to the other connection. Could you please check if ICMP and the TCP port are allowed on the peer firewall?

    Thanks,

  • Hi,

    ICMP is disabled, but TCP port 8443 is enabled, which I have entered under the failover condition. This configuration works in a normal condition where both tunnels can connect without any issue. The problem with my internet connections is that sometimes the internet is working but the tunnel still does not connect, due to some issue on the ISP side I believe, since one of the connections is 4G. In this case, there must be an option to enter a remote LAN IP address manually as a failover condition.

    Thanks.
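The two replies above describe a failover condition that probes the peer gateway's WAN address (ICMP or a TCP port such as 8443), and the last post describes the case that probe cannot see: the peer answers on the WAN but nothing passes through the tunnel. The following Python script is an added example for this thread, not code from Sophos or from anyone in the discussion. It runs on a host on the branch LAN and makes both checks, a TCP handshake to the peer's WAN port and a TCP handshake to a host on the head-office LAN that is only reachable through the tunnel, then applies a consecutive-failure threshold so one lost packet on the 4G link does not flap the path. The peer address 203.0.113.10, the remote LAN host 192.168.10.1 and the ports are placeholder assumptions; what action to take on a failover decision (alert, or whatever the firewall allows) is left to the operator because the thread does not specify one.

```python
"""Probe a site-to-site VPN path from a branch LAN host.

Added example, not Sophos code. Distinguishes three states:
  'ok'     peer WAN port answers AND a head-office LAN host answers: tunnel carries traffic
  'tunnel' peer WAN port answers but the remote LAN does not: internet up, tunnel down,
           which a gateway-only failover condition would not catch
  'wan'    the peer gateway itself is unreachable on the current link
"""
import socket
from typing import Callable, Dict, List, Tuple

Endpoint = Tuple[str, int]
ProbeFn = Callable[[str, int], bool]

# Placeholder addresses (assumptions for illustration, not from the thread):
PEER_WAN: Endpoint = ("203.0.113.10", 8443)     # head-office public IP, TCP 8443 as in the thread
REMOTE_LAN: Endpoint = ("192.168.10.1", 443)    # a head-office LAN host, reachable only via the tunnel


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP three-way handshake to host:port completes within timeout.

    TCP needs no privileges and works when the peer drops ICMP, as in the thread.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scripted_probe(results: Dict[Endpoint, bool]) -> ProbeFn:
    """Build a probe that returns canned answers; used to demonstrate the logic offline."""
    def probe(host: str, port: int) -> bool:
        return results.get((host, port), False)
    return probe


def classify_path(probe: ProbeFn, peer: Endpoint, remote_lan: Endpoint) -> str:
    """Classify the active VPN path as 'ok', 'tunnel' or 'wan' (see module docstring)."""
    if not probe(*peer):
        return "wan"          # gateway dead: the firewall's own condition also catches this
    if not probe(*remote_lan):
        return "tunnel"       # WAN fine, tunnel not passing traffic: the thread's failure mode
    return "ok"


class FailoverDecider:
    """Recommend a switch only after `threshold` consecutive non-ok probes (hysteresis)."""

    def __init__(self, threshold: int = 3) -> None:
        self.threshold = threshold
        self.bad_in_a_row = 0

    def update(self, state: str) -> bool:
        """Feed one classification; return True when failover should be triggered."""
        if state == "ok":
            self.bad_in_a_row = 0
            return False
        self.bad_in_a_row += 1
        return self.bad_in_a_row >= self.threshold


def decide_sequence(states: List[str], threshold: int = 3) -> List[bool]:
    """Run a decider over a list of observed states; handy for offline checks."""
    decider = FailoverDecider(threshold)
    return [decider.update(s) for s in states]


if __name__ == "__main__":
    # Live run: one probe round against the placeholder endpoints.
    state = classify_path(tcp_probe, PEER_WAN, REMOTE_LAN)
    print(f"path state: {state}")
```

Because the host sits behind the branch firewall, the remote-LAN probe only reports whether the path the firewall is currently using carries traffic; it cannot choose which WAN link the probe leaves on. That is enough to detect the "internet works, tunnel does not" case and raise an alert or trigger whatever switch action the deployment supports.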
