
Translated Local Network over site to site vpn

Hi,

We have a head office site that connects to a 3rd party over a site to site vpn for a service that they offer. Their requirements are quite specific on the set up of the site to site vpn for subnets and translation.

Details are:

Office LAN: 192.168.108.0/24

Remote LAN: 10.168.0.0/16

Translated Local Network: 10.168.207.80/29

Currently this is on a DrayTek device where the VPN settings are as above. The IKE connection and the security all work great. The tool we use to get the data does connect successfully to resources in the 10.168.0.0/16 range. So on the DrayTek VPN profile the details are:
Local subnet is 192.168.108.0/24,
remote subnet is 10.168.0.0/16,
translated local network setting is 10.168.207.80/29.

All set within the VPN profile, it just works without any additional items.

If I use the same settings as above, the site to site VPN shows as active (status is green), but the connection status remains red. If I set the local subnet to 10.168.207.80/29, the active and connection status symbols both go green; however, my local subnet isn't 10.168.207.80/29, and as such nothing will go over the connection. I tried setting 192.168.108.0/24 as the translated LAN, but that didn't work.

But it does at least mean it's not an issue with the way the connection is secured. If it's set to the 192.168.108.0/16 range as the source, it's like the connection is refused.

I have also created firewall rules to allow data to flow from any source or destination zone\interface between the 3 subnets involved.
I have tried various items, such as converting to a tunnel interface and setting a single IP inside our local LAN to be part of a NAT rule.

Is there any way to make this work? It's a very simple set up on the DrayTek and I can't believe how difficult it seems to be to make it work on the Sophos firewall.



This thread was automatically locked due to age.