Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 572 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing over different IPSec tunnels based on source IP

Stuart James

I have two different VLANs on my LAN (192.168.1.0/24 and 172.16.1.0/24)

I have two IPSec tunnels both which have a destination subnet of 10.10.1.0/24 (this cannot be changed as it's a third party connection which uses public DNS records so cannot use NAT)

How can I tell the Sophos to use route 192.168.1.0/24 -> 10.10.1.0/24 across IPSec tunnel 1 and 172.16.1.0/24 -> 10.10.1.0/24 across IPSec tunnel 2?



This thread was automatically locked due to age.
Parents
  • 0

    I think you could use an SDWAN route with Source Network (ex 192.168.1.0) and then set it to use Primary/Secondary and set your tunnel (ex 10.10.1.0) as Primary and None as Secondary.

  • 0 in reply to Wayne Folta

    Thanks for the reply. Can't do this as SDWAN routing is only for Gateways and an IPSec tunnel isn't a Gateway

  • 0 in reply to Stuart James

    I haven't tried it, but I use a 6in4 tunnel and have made the (IPV6) far end a gateway and it appears as an option in (IPv6) SDWAN routes. But it may or may not actually work, and IP tunnels may be different than 6in4 tunnels.

    [EDIT: Now that I think about it, the far end of each of your tunnels is the same (10.10.1.1 or some-such) and since the Gateway is managed from the appliance, it can't tell the two apart. (It can tell the two tunnels apart, but not the Gateways which would appear to be the same from on-appliance and wouldn't have the SDWAN's "From" context to differentiate them.]

Reply
  • 0 in reply to Stuart James

    I haven't tried it, but I use a 6in4 tunnel and have made the (IPV6) far end a gateway and it appears as an option in (IPv6) SDWAN routes. But it may or may not actually work, and IP tunnels may be different than 6in4 tunnels.

    [EDIT: Now that I think about it, the far end of each of your tunnels is the same (10.10.1.1 or some-such) and since the Gateway is managed from the appliance, it can't tell the two apart. (It can tell the two tunnels apart, but not the Gateways which would appear to be the same from on-appliance and wouldn't have the SDWAN's "From" context to differentiate them.]

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?