
Same Sub-net destination thru 2 different ports (IPsec/MPLS) separate by source users/IPs

We have a branch that is connected to HQ (Sophos XG210) through two types of connection, IPsec VPN and MPLS VPN, but we need to use both at the same time, separating users or IPs so that each group is routed through a different port and gateway.

IPsec_VPN: the remote network is 192.168.10.0, reached through Port2/Internet in WAN_Zone (currently disabled; needs to be configured).

MPLS_VPN: through Port4, connected to the MPLS router using a gateway in WAN_Zone; the interface is 10.10.10.20/24 and its GW is 10.10.10.10/24 (the MPLS router handles the route to the remote MPLS router). (Implemented and working fine.)

Firewall rule: source zone LAN, source network (users/IPs), destination zone WAN, destination network (2 remote IPs inside the 192.168.10.0 subnet), gateway MPLS_VPN on Port4. (Implemented and working fine.)

How can I configure this scenario so that some users route through the MPLS and other users through the IPsec connection? Also, could remote subnet users in 192.168.10.0 use IPsec to access the HQ servers?

  • Haytham,

    you can use Policy Routing under Routing and decide which devices with which service will use that route.

    For the second question, you can use the same subnet across IPsec VPN. You need to implement NAT over IPsec. Here is the KB:

    https://community.sophos.com/kb/en-us/123356

    Next time, make sure to ask one question per thread.

    Regards

  • Hi lferrara,

    We were already using policy routing and are now using the firewall policy only, without the routing policy. That is already running; I only added it to clarify the scenario.

    It's only one question: how can I add the same destination network through two types of connection at the same time while separating the users' paths?

    I can't use NAT over IPsec, as the remote router (RV042) can't do this type of NATing.

    Also, the RV042 at the remote site is already opening the IPsec VPN tunnel using NAT-T, without a static public IP.
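The following is an added worked example, not configuration from the thread or Sophos' own code. It simulates the source-based policy routing lferrara suggests: the same destination subnet 192.168.10.0/24 reachable over two paths (MPLS via Port4 and gateway 10.10.10.10, IPsec via Port2), with policy routes evaluated top-down before the ordinary routing table. It also goes one step beyond the thread and checks the reply path, because a remote router with a single route back to HQ (the RV042 as Haytham describes it, sending everything for HQ over the IPsec tunnel) will make flows that went out over MPLS return over IPsec, which a stateful firewall may drop as asymmetric. The HQ LAN 192.168.1.0/24, its split into two user groups, and the remote router's routing table are assumptions for the example.

```python
"""Source-based policy routing for one destination reachable over two paths.
Constructed example: addresses 192.168.10.0/24, Port2/IPsec and Port4/MPLS come
from the thread; the HQ LAN 192.168.1.0/24, the user groups and the remote
router's table are assumed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Path labels are the same on both sides so forward and reply paths can be compared.
MPLS = "MPLS_VPN"      # HQ: Port4 -> 10.10.10.10, MPLS router carries it onward
IPSEC = "IPsec_VPN"    # HQ: Port2, tunnel to the remote RV042
INTERNET = "Internet"  # HQ: Port2 default route


@dataclass(frozen=True)
class PolicyRoute:
    """One policy route: matched on source AND destination, before the routing table."""
    name: str
    src: IPv4Network
    dst: IPv4Network
    path: str
    enabled: bool = True

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return self.enabled and src in self.src and dst in self.dst


@dataclass(frozen=True)
class StaticRoute:
    dst: IPv4Network
    path: str


def lookup_table(table: List[StaticRoute], dst: IPv4Address) -> Optional[str]:
    """Ordinary routing-table lookup: longest prefix match, None if no route."""
    best: Optional[StaticRoute] = None
    for route in table:
        if dst in route.dst and (best is None or route.dst.prefixlen > best.dst.prefixlen):
            best = route
    return best.path if best else None


def select_path(policy: List[PolicyRoute], table: List[StaticRoute],
                src: IPv4Address, dst: IPv4Address) -> Optional[str]:
    """Policy routes are evaluated top-down, first match wins; otherwise fall back
    to the routing table. This mirrors how a source-based policy route overrides a
    plain static route to the same destination."""
    for rule in policy:
        if rule.matches(src, dst):
            return rule.path
    return lookup_table(table, dst)


HQ_LAN = ip_network("192.168.1.0/24")        # assumed HQ LAN
REMOTE_LAN = ip_network("192.168.10.0/24")   # remote network from the thread

# HQ (XG210): first half of the LAN goes over MPLS, second half over IPsec (assumed split).
HQ_POLICY = [
    PolicyRoute("mpls_users", ip_network("192.168.1.0/25"), REMOTE_LAN, MPLS),
    PolicyRoute("ipsec_users", ip_network("192.168.1.128/25"), REMOTE_LAN, IPSEC),
]
HQ_TABLE = [
    StaticRoute(REMOTE_LAN, IPSEC),               # installed while the tunnel is up
    StaticRoute(ip_network("0.0.0.0/0"), INTERNET),
]

# Remote RV042 (assumed): no policy routing, everything for HQ goes back over the tunnel.
REMOTE_POLICY: List[PolicyRoute] = []
REMOTE_TABLE = [
    StaticRoute(HQ_LAN, IPSEC),
    StaticRoute(ip_network("0.0.0.0/0"), INTERNET),
]


def flow_paths(src: str, dst: str) -> Tuple[Optional[str], Optional[str]]:
    """Forward path chosen at HQ and the reply path chosen at the remote site."""
    s, d = ip_address(src), ip_address(dst)
    forward = select_path(HQ_POLICY, HQ_TABLE, s, d)
    reply = select_path(REMOTE_POLICY, REMOTE_TABLE, d, s)
    return forward, reply


def is_symmetric(src: str, dst: str) -> bool:
    """True when request and reply use the same path; False flags a flow a
    stateful firewall on either side may drop or a path that bypasses inspection."""
    forward, reply = flow_paths(src, dst)
    return forward == reply


if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.200"):
        fwd, rev = flow_paths(host, "192.168.10.5")
        print(f"{host} -> 192.168.10.5: out via {fwd}, reply via {rev}, "
              f"{'symmetric' if fwd == rev else 'ASYMMETRIC'}")
```

Run it and the MPLS user group comes back as asymmetric: HQ sends over MPLS, the remote router answers over IPsec. In practice that means the remote side also needs a route or policy that returns traffic for the MPLS user group over the MPLS router, or the two groups need distinct source networks the RV042 can route separately; a single "HQ LAN over the tunnel" route on the remote end is not enough.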
