
Route Based VPN - Send traffic back to main office

I have several sites (Sophos XG/XGS on both sides) with DIA and cellular backup. Currently, with policy-based VPN and a failover group, the failover process is clunky and usually results in a very noticeable interruption for the users.

To help ease that transition I am testing RBVPN and BGP.

With my policy-based tunnels I send all traffic back across to the corporate office and we have a single egress point for our network. I would like to do the same, or something similar, with RBVPN. This keeps me from having to manage multiple public IPs with my VoIP provider, provides a single troubleshooting point for firewall rules and policies, etc.

What should I be looking at / for on my Sophos appliances to tunnel / route all remote site traffic back to the corporate office?

Thanks.


  • If you are looking into BGP, there is a way to publish default gateways. This will push the 0.0.0.0 route to the location, which basically means, push ANY to the XFRM. Check the BGP documentation on how to do this.

  • Thanks. I'll keep looking.

    CLI doesn't seem to support default-originate, and when I add 0.0.0.0/0 to the BGP route list on the corp office it cuts off the remote office.

    EDIT: Looks like I may be up and running by adding a Routing > Gateway tied to xfrm1 and then creating an SD-WAN route to direct interesting LAN traffic through that gateway. Just need to figure out how to get the XG to 'fail back' to the preferred connection.
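One reason advertising 0.0.0.0/0 through the tunnel can cut a remote site off is that the tunnel peer's own public address then resolves through the tunnel it terminates, so the encapsulated packets have nowhere to go. The following route-lookup model is an added illustration, not code from this thread or from Sophos; it assumes the BGP-learned default is preferred over the ISP default and uses constructed addresses, preferences and interface names.

```python
import ipaddress

# Constructed illustration, not Sophos configuration or code from this thread.
# Routes are (prefix, next_hop, interface, preference); lower preference wins a tie
# between routes of equal prefix length.
WAN_IF, TUNNEL_IF = "PortB", "xfrm1"
CORP_PEER = "203.0.113.10"          # corporate VPN endpoint (documentation range)
ISP_GW, CORP_TUNNEL_GW = "198.51.100.1", "10.255.0.1"

def lookup(table, dst):
    """Longest-prefix match; preference breaks ties between equal-length prefixes."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh, iface, pref in table:
        net = ipaddress.ip_network(prefix)
        if dst not in net:
            continue
        if best is None or (net.prefixlen, -pref) > (best[0].prefixlen, -best[3]):
            best = (net, nh, iface, pref)
    return best

def egress_for(table, dst):
    """Interface that traffic to dst leaves on. A tunnel route is only usable when the
    tunnel's own peer still resolves over the WAN; if the peer resolves through the
    tunnel, the encapsulated packets have nowhere to go and the site goes dark."""
    route = lookup(table, dst)
    if route is None:
        return "unreachable"
    iface = route[2]
    if iface == TUNNEL_IF:
        peer = lookup(table, CORP_PEER)
        if peer is None or peer[2] != WAN_IF:
            return "blackhole"   # assumed cause of the "cuts off the remote office" symptom
    return iface

# Remote site after corp advertises 0.0.0.0/0 over the tunnel and it wins over the ISP default
BGP_DEFAULT_ONLY = [
    ("0.0.0.0/0",  ISP_GW,         WAN_IF,    10),   # ISP default
    ("10.0.0.0/8", CORP_TUNNEL_GW, TUNNEL_IF, 5),    # corp LANs learned via BGP
    ("0.0.0.0/0",  CORP_TUNNEL_GW, TUNNEL_IF, 5),    # BGP-learned default (preferred)
]

# Same table with the tunnel peer pinned to the WAN by a more specific host route
PEER_PINNED = BGP_DEFAULT_ONLY + [(CORP_PEER + "/32", ISP_GW, WAN_IF, 1)]

if __name__ == "__main__":
    for name, table in (("bgp default only", BGP_DEFAULT_ONLY), ("peer pinned", PEER_PINNED)):
        print(name, "corp LAN ->", egress_for(table, "10.1.2.3"),
              "| internet ->", egress_for(table, "8.8.8.8"))
```

With the peer pinned, both corporate and internet-bound traffic leave on xfrm1 (the single egress the question asks for) while the tunnel itself still rides the WAN.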