Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 26 subscribers
  • Views 399 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rotue specific internet traffic over Site to Site VPN on Sophos XG

Miftaul Haque

I have a site to site IPSec VPN between two Sophos XG both located in LA.

HQ Site: SG230 (SFOS 17.5.16 MR-16-Build830)
BrachOffice: XG125 (SFOS 19.0.1 MR-1-Build365)

Problem:
A particular site is not accessible from branch office but that is accessible from HQ location. I want to route that website over site to site VPN.

Things I have done:
On the HQ router,
- added local subnet as ANY on the site to site VPN.
- also added a VPN to WAN NAT rule.

On the Branch Office Router
- added a route "system ipsec_route add host Site_WAN_IP tunnelname Tunnel_Name"
- also changed the route preference to "system route_precedence set vpn static sdwan"

The site is still not accessible.

I went into Tools -> Diag -> Route Lookup -> entered the IP and I get below response.

Site_WAN_IP is located on the ipsec0
Site_WAN_IP is not behind a router.

Please advise.

Thank you for your time and support.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Miftaul,

    Thank you for contacting the Sophos Community.

    You’re looking to have the Brancoffice users access the resource behind the HQ site, through the VPN via the WAN of the HQ site?

    Is there any reason why you aren’t pointing the users to use the Private IP of the server?

    Additionally, you’re running an unsupported version of the SFOS please update your SG230 to a supported version. 

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply
  • 0

    Hello Miftaul,

    Thank you for contacting the Sophos Community.

    You’re looking to have the Brancoffice users access the resource behind the HQ site, through the VPN via the WAN of the HQ site?

    Is there any reason why you aren’t pointing the users to use the Private IP of the server?

    Additionally, you’re running an unsupported version of the SFOS please update your SG230 to a supported version. 

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Children
No Data
Unfiltered HTML