VPN client to multiple sites at the same time

I have a question. I drew it to make it easy; please find the attached file.



  • Khaled,

    Using the Sophos SSL client, for example, you have to insert inside the permitted network all the networks (192.168.3.0/24, 192.168.0.0, 192.168.2.0). Also, inside the site-to-site VPN (Branch A and Branch B), you have to declare inside the Branch C office even the network 18.18.18.0; otherwise requests will go to the internet and not to Branch C.

    From Branch A and Branch B, do a traceroute to 18.18.18.X and see if the traffic is redirected to Branch C.

  • Can you please explain in more detail?

  • Sure!

    Your Site C is the only one that knows the VPN remote networks, so the firewall in that site knows how to route traffic back to remote users. The other 2 sites do not know anything about that network, so they use their default route (0.0.0.0) to route traffic, and the request goes to the internet instead of Site C.

    The same happens for your remote users with regard to the 2 sites. So you must declare Site A and B inside the remote users (inside the permitted networks settings in the XG VPN Remote Settings) and you must declare the remote users' network inside the site-to-site tunnel for Site A, Site B and Site C.

    Hope it is clear now.

  • Hi KhaledMaged,

    In your case, for the IPsec tunnel config:

    Branch A: Local network 192.168.0.0; Remote network 192.168.2.0, 192.168.3.0 and 18.18.18.0
    Branch B: Local network 192.168.2.0; Remote network 192.168.0.0, 192.168.3.0 and 18.18.18.0
    Branch C: Local network 192.168.3.0, 18.18.18.0; Remote network 192.168.0.0 and 192.168.2.0

    For your SSL policy at Branch C

    Add networks 192.168.0.0, 192.168.2.0 and 192.168.3.0 

    Make sure you have a VPN to VPN firewall rule.

    Thanks and Regards

    Aditya Patel | Network and Security Engineer
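
The selector requirements described in the replies above can be checked mechanically before touching the firewalls. The following Python sketch is an added example, not part of the original thread or any Sophos tooling; it assumes /24 masks where the thread gives none and that 18.18.18.0 is the SSL VPN client pool terminated at Branch C.

```python
from ipaddress import ip_network

def nets(*cidrs):
    return [ip_network(c) for c in cidrs]

def covered(target, selectors):
    """True if target lies inside any network in selectors."""
    return any(target.subnet_of(s) for s in selectors)

def audit(sites, hub, pool, permitted):
    """List selector gaps that would push traffic onto a default route.

    sites: {name: {"local": [...], "remote": [...]}} IPsec networks per site
    hub: site terminating the SSL VPN; pool: SSL VPN client range
    permitted: networks pushed to the SSL VPN client
    """
    gaps = []
    for name, cfg in sites.items():
        for lan in cfg["local"]:
            if lan != pool and not covered(lan, permitted):
                gaps.append(f"client: no permitted network for {name} LAN {lan}")
        if name == hub:
            if not covered(pool, cfg["local"]):
                gaps.append(f"{name}: pool {pool} missing from local networks")
        elif not covered(pool, cfg["remote"]):
            gaps.append(f"{name}: pool {pool} missing from remote networks")
    return gaps

POOL = ip_network("18.18.18.0/24")  # assumed SSL VPN pool, /24 assumed

def thread_sites(declare_pool):
    """Branch layout from the thread; /24 masks are an assumption."""
    extra = ["18.18.18.0/24"] if declare_pool else []
    a, b, c = "192.168.0.0/24", "192.168.2.0/24", "192.168.3.0/24"
    return {
        "Branch A": {"local": nets(a), "remote": nets(b, c, *extra)},
        "Branch B": {"local": nets(b), "remote": nets(a, c, *extra)},
        "Branch C": {"local": nets(c, "18.18.18.0/24"), "remote": nets(a, b)},
    }

if __name__ == "__main__":
    # Constructed "before" state: pool undeclared at A and B, client only sees C.
    for gap in audit(thread_sites(False), "Branch C", POOL, nets("192.168.3.0/24")):
        print("GAP", gap)
    # Configuration recommended in the thread: expect no gaps.
    full = nets("192.168.0.0/24", "192.168.2.0/24", "192.168.3.0/24")
    print("after:", audit(thread_sites(True), "Branch C", POOL, full) or "no gaps")
```

The audit covers tunnel and client network declarations only; the VPN to VPN firewall rule mentioned above is a separate requirement it does not check.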

     
