Multiple Branch Office VPNs

We have 5 locations, each with an XG UTM. In our current setup, we have 2 IPsec VPN tunnels to each of the 4 branch offices from the main office (IPv4 and IPv6). We are looking for a more efficient configuration. We need to retain both IPv4 and IPv6 connectivity to each of the remote locations.

We toyed with the SSL VPN, and were able to combine IPv4 and IPv6 successfully into a single tunnel; however, we couldn't figure out how to connect to more than a single branch office. Is it possible to have multiple SSL VPNs? If so, how do you configure these to connect? We tried setting up a single server with 4 clients, which failed (only one branch could connect at a time). We tried 4 separate servers/clients and had some very strange and erratic network behavior.

Looking forward to suggestions.



  • Jonathan,

    Are you able to upload a small network diagram? Thanks

  • It's a simple network design. Main office with 4 spurs to branch offices. Simple hub network. Do you need more than that to go on?

  • Clear!

    Can you explain what issues are you encountering using 4 SSL VPN?

    Your question is a really nice one. Why do you want to use both IPv6 and IPv4 concurrently for each branch office?

    Sorry if I am asking these questions, but I would like to know what you are trying to achieve regarding performance and availability.

    Thanks

  • Let's start with the why. The majority of our domain traffic uses IPv6, as any network would. That being said, we do utilize one piece of software which only runs on IPv4, forcing it to be required as well.

    So, here's how I tested the SSL VPNs, and the results given. To Branch-A, I deleted the IPsec VPNs. I then created an SSL VPN server at the main office. Downloaded the config and uploaded to Branch-A UTM. I could then ping IPv6 and IPv4 between Main and A. Yay!

    I move forward and create a second connection, identical to the above except for Branch-B. I could now ping between Main and B, however, Main and A has dropped.

    I changed the setup to put the server at Branch-B and client at Main. This allowed the original SSL VPN for A to work, as well as B. As soon as I place a second server or client on Main, it starts to drop VPNs.

    At a loss as to why we can't utilize multiple SSL VPNs.