Route specific internet traffic over Site to Site VPN on Sophos XG

I have a site to site IPSec VPN between two Sophos XG both located in LA.

HQ Site: SG230 (SFOS 17.5.16 MR-16-Build830)
Branch Office: XG125 (SFOS 19.0.1 MR-1-Build365)

Problem:
A particular site is not accessible from the branch office, but it is accessible from the HQ location. I want to route that website over the site to site VPN.

Things I have done:
On the HQ router,
- added local subnet as ANY on the site to site VPN.
- also added a VPN to WAN NAT rule.

On the Branch Office Router
- added a route "system ipsec_route add host Site_WAN_IP tunnelname Tunnel_Name"
- also changed the route preference to "system route_precedence set vpn static sdwan"

The site is still not accessible.

I went into Tools -> Diag -> Route Lookup -> entered the IP and I get the response below.

Site_WAN_IP is located on the ipsec0
Site_WAN_IP is not behind a router.

Please advise.

Thank you for your time and support.



  • Hello Miftaul,

    Thank you for contacting the Sophos Community.

    You’re looking to have the branch office users access the resource behind the HQ site, through the VPN via the WAN of the HQ site?

    Is there any reason why you aren’t pointing the users to use the Private IP of the server?

    Additionally, you’re running an unsupported version of SFOS; please update your SG230 to a supported version.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support