VPN connectivity help

Question

Hello, good morning. I will try to explain how it is structured and what we need, for this I attach scheme that can help to understand it. All the information you need ask me. Thank you very much in advance. 
 
 Scenario: - Firewall CT and Firewall SJ connected through VPN tunnel managed by the Internet Service Provider (ISP). - SJ Firewall and CLOUD Firewall connected through VPN tunnel managed by us with XG firewalls. Objective: To have connectivity from LAN 192.168.79.0 (Source A) to LAN 10.10.10.0 (Target B). Current situation: VPN tunnels are correctly connected but performing ping and tracert tests we have connectivity up to SJ 192.168.77.34 firewall and there the packets stay. Configurations: - Firewall CT Routing 192.168.77.0 / 255.255.255.0 Gateway 192.168.79.98 - Firewall SJ Routing 192.168.79.0 / 255.255.255.0 Gateway 192.168.77.98 VPN IPSec Local subnet: 192.168.77.0, 192.168.79.0 Remote subnet: 10.10.10.0 Rules LAN - VPN Source: LAN Source Networks: 192.168.77.0 192.168.79.0 Destination: VPN Destination Networks: 10.10.10.0 VPN - LAN Source: VPN Source Networks: 10.10.10.0 Destination: LAN Destination Networks: 192.168.77.0 192.168.79.0 - Firewall CLOUD VPN IPSec Local subnet: 10.10.10.0 Remote subnet: 192.168.77.0 192.168.79.0 Rules LAN - VPN Source: LAN Source Networks: 10.10.10.0 Destination: VPN Destination Networks: 192.168.77.0 192.168.79.0 VPN - LAN Source: VPN Source Networks: 192.168.77.0 192.168.79.0 Destination: LAN Destination Networks: 10.10.10.0

FormerMember · Answer

Hi Francisco Jose Manzanares Marin , 
 Thank you for reaching out to Sophos Community. 
 You'll need to set up hub and spoke IPsec VPN between these 3 locations. 
 Hub: SJ firewall 
 Spoke: CT & CLOUD firewall 
 Or you can also set up IPsec tunnel between CT and CLOUD firewall.