Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 28 subscribers
  • Views 764 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BO not able to reach Cloud subnet over IPSec connecting to Head Office.

Ben Ng

Hi,

I had configured a ipsec remote access from the cloud using sophos connect to my HQ XGS.

there is a remote Branch that is connected to HQ using IPsec connection.

BO-----------------------------------HQ--------------------------------Cloud

192.168.32.0/24             192.168.0.0/24                      192.168.60.0/24

i have some issue with the routing and it is not able to reach from the BO to the Cloud.

What i had done:

HQ

IPSec VPN added the Cloud subnet and HQ subnet into local subnet.

BO 

Added the Cloud subnet into the remote subnet in IPSec VPN configuration

Added the system ipsec_route of the Cloud and also BO into HQ XGS.

Added the firewall rules to allow Cloud VPN and HQ local subnet inbound and outbound in BO

Added Firewall rules allow BO subnet inbound and outbound in HQ XGS.

currently the network is not able to reach the Cloud subnet (192.168.60.0/24) from the BO site.

Appreciate the advice on how to troubleshoot the routing.

Thanks



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Ben Ng

    Well , enabling that option will send all traffic, including external internet requests, to the interface you specify for IPsec remote access. With that client users will send their internet requests through Sophos Firewall, and you will need to configure a firewall rule with the source zone set to VPN and the destination zone set to WAN. 

    For HO it is already accessible right? So clients will considered on the local firewall, that should work if you have allowed the cloud subnet to communicate. 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Ben Ng

    Yes, that's the dilemma! You probably do not want this as the default gateway there.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi Vivek,

    Thanks for the recommendation, will check with my manager if he is okay with the solution tomorrow.

    Regards

    Ben

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?