Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 471 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Route Based VPN - Send traffic back to main office

OtherUTMGuy

I have several sites (Sophos XG/XGS on both sides) with DIA and cellular backup. Currently, with policy-based VPN and a failover group, the failover process is clunky and usually results in a very noticable interruption for the users.

To help ease that transition I am testing RBVPN and BGP.

With my policy-based tunnels I send all traffic back across to the corporate office and we have a single egress point for our network. I would like to do the same, or something similar, with RBVPN. This keeps me from having to manage multiple public IPs with my VoIP provider, provides a single troubleshooting point for firewall rules and policies, etc.

What should I be looking at / for on my Sophos appliances to tunnel / route all remote site traffic back to the corporate office?

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    If you are looking into BGP, there is a way to publish default gateways. This will push the 0.0.0.0 route to the location, which basically means, push ANY to the XFRM. Check BGP documentations on how to do this. 

  • 0 in reply to LuCar Toni

    Thanks. I'll keep looking.

    CLI doesn't seem to support default-originate, and when I add 0.0.0.0/0 to the BGP route list on the corp office it cuts off the remote office.

    EDIT: Looks like I may be up and running by: Adding a Routing>Gateway tied to xfrm1 and then creating an SD-WAN route to direct interesting LAN traffic through that gateway. Just need to figure out how to get the XG to 'fail back' to the preferred connection.

Reply
  • 0 in reply to LuCar Toni

    Thanks. I'll keep looking.

    CLI doesn't seem to support default-originate, and when I add 0.0.0.0/0 to the BGP route list on the corp office it cuts off the remote office.

    EDIT: Looks like I may be up and running by: Adding a Routing>Gateway tied to xfrm1 and then creating an SD-WAN route to direct interesting LAN traffic through that gateway. Just need to figure out how to get the XG to 'fail back' to the preferred connection.

Children
No Data