Routing over SSL Site to Site VPN Tunnel - using remote WAN interface

Hi Folks...

Need some advice for a routing problem, maybe someone can shed some light on it for me? I saw a lot of similar posts but with no luck...

Site A is connected by SSL site to site VPN to site B where some clients and server are connected. Normal traffic is working fine - both ways, currently no restrictions (ports) and no IDS / IPS rules are in place so far. Both sites have their own ISP / Internet Provider, normal Internet traffic is going over the respective ISP.

Both sites are using Sophos XG with 18.5.x Firmware.

Now I need to manage it so that certain clients / IP phones from site B are routed over the SSL VPN tunnel to site A and access the Internet over the site A ISP for a dedicated target IP / network. All other Internet traffic should still flow over the ISP from site B.

How can I manage this in the Sophos, or do I need to add a local static route to the client / phone? If local static route, what will be the next hop / gateway?

Any help is welcome...



This thread was automatically locked due to age.
  • Why do you use an SSLVPN Site to Site Tunnel in the first place? 

    I would rather move to IPSec Route based VPN. docs.sophos.com/.../index.html


  • OK, IPSec Route based VPN is now up and running, normal traffic is running fine. But still no luck to access the network 174.201.21.173/27 over the ISP A. (I just saw there is an error in the picture - ISP A and B are mixed up - sorry for that)

    What I also did:

    - static IPv4 routing on Site B (174.201.21.173/27 over XFRM1)

    - SD WAN Routing Policy on Firewall A to route traffic from XFRM1 over ISP A

    - Firewall policy to allow traffic from 192.168.20.0/24 to WAN.

    What did I miss?
