
Routing WAN Traffic through Site 2 Site VPN for one device

Hi Guys,

Maybe I am blind, but I've not found a solution for my NAT / routing issue.

I need to route / NAT outgoing WAN traffic from one of my client servers so that it uses the WAN IP of my UTM 9, but I have not found a viable solution yet.

 

I have currently following Setup:

 

ISP1 --- SFXG --- IPSec Site 2 Site VPN --- UTM 9 --- ISP2
           |
           |
     Client Server

 

Anyone got suggestions on how to realise this?

 

PS:

The VPN Tunnel works and is stable and traffic flows without any issue.





  • Sorry, but I am really confused right now...

     

    Do I have to add 0.0.0.0/0 to my VPN tunnel (remote and local network)?

     

    Will I have to tell the client to use the IP of my UTM as its default gateway for 0.0.0.0/0?

    Or can I just use static / policy routing on my XG, since the client will use other networks as well and will not be in the network all the time (and, to be fair, it is from another service provider which is only using DHCP on its interface)?

     

  • You need to do static routing of the server IP to the UTM, and in the UTM a rule so that those who request the web do the reverse routing until arriving at your server.

  • David,

    It is quite a strange configuration and I was thinking about how to implement it in the best way. Is your goal to use ISP2 for both outgoing and incoming traffic, or only incoming?

    Can you explain better your goal? Thanks

    A network diagram will help.

    Thanks

  • Hi lferrara,

     

    thanks for your input.

    We only need to use the ISP2 IP for outgoing traffic (we need to have a German IP; ISP1 is sitting in Ireland), e.g. for web applications.

     

    We don't need any NAT or traffic routed back from the ISP2 IP through the tunnel to my client's server (excluding established connections, which we obviously need).

     

    I hope this clears things up.

  • Thanks David.

    I am not sure if it will work (I am not able to try it) but I would try these steps:

    • Create a static route on your host (for Windows use the route add command; for Linux edit /etc/sysconfig/network-scripts/route-eth).
    • As the static route you have to add 0.0.0.0/0.0.0.0, where the gateway is your remote-network UTM9 interface.
    • You need to apply NAT inside the VPN tunnel: https://community.sophos.com/kb/en-us/123356
    • Create an SNAT rule on UTM9 for the NATed LAN.

    Let us know.

    Regards
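As an added example (not from the thread and not Sophos code), the Python script below models the path the steps above set up, so the three things that decide where the server's traffic exits can be checked before touching either firewall: the packet must fall inside a local/remote selector pair of the policy-based IPsec tunnel (otherwise the XG simply sends it out ISP1), and once it arrives at the UTM 9 it must be SNATed on the ISP2 interface (otherwise it leaves with a private source and replies cannot return). All addresses are made up, the selector list and the snat_sources field are this example's own abstraction of the tunnel and NAT screens, and the UTM-side selectors are assumed to mirror the XG side.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Tunnel:
    # (local network, remote network) selector pairs as entered on the XG side.
    # A policy-based IPsec tunnel only carries a packet whose source lies in a
    # local network and whose destination lies in the paired remote network.
    selectors: list

    def carries(self, src, dst):
        return any(src in local and dst in remote for local, remote in self.selectors)


@dataclass
class Site:
    name: str
    lan: object          # ip_network behind this firewall
    wan_ip: object       # ip_address of this site's ISP uplink
    tunnel: Tunnel
    snat_sources: list = field(default_factory=list)  # networks SNATed to wan_ip on the WAN interface


def egress(src, dst, xg, utm):
    """Trace a packet from a host behind the XG towards dst.
    Returns (exit point, source address dst sees, trace lines)."""
    src, dst = ip_address(str(src)), ip_address(str(dst))
    trace = []
    if dst in xg.lan:
        trace.append("XG LAN: delivered locally, no firewall involved")
        return "XG-LAN", src, trace
    if not xg.tunnel.carries(src, dst):
        trace.append("XG: no tunnel selector matches src/dst; default route via ISP1, "
                     f"masqueraded to {xg.wan_ip}")
        return "ISP1", xg.wan_ip, trace
    trace.append("XG: selector matched, packet encrypted into the site-to-site tunnel")
    if dst in utm.lan:
        trace.append("UTM: destination is the UTM LAN, delivered without NAT")
        return "UTM-LAN", src, trace
    if any(src in net for net in utm.snat_sources):
        trace.append(f"UTM: SNAT {src} -> {utm.wan_ip} on the ISP2 interface; "
                     "the connection table reverses it for established replies")
        return "ISP2", utm.wan_ip, trace
    trace.append(f"UTM: forwarded to ISP2 with private source {src}; "
                 "replies cannot find their way back")
    return "ISP2", src, trace


# Constructed example addresses (hypothetical, not from the thread).
SERVER = ip_address("192.168.10.50")
XG_LAN = ip_network("192.168.10.0/24")
UTM_LAN = ip_network("10.20.0.0/24")
ANYWHERE = ip_network("0.0.0.0/0")
ISP1_IP = ip_address("198.51.100.10")   # Irish address on the XG uplink
ISP2_IP = ip_address("203.0.113.10")    # German address on the UTM 9 uplink


def build(remote_for_server, snat_on_utm=True):
    """Build both sites. remote_for_server is the remote network paired with the
    server's /32 on the tunnel: UTM_LAN is the usual LAN-to-LAN setup, ANYWHERE is
    the 0.0.0.0/0 entry needed to pull the server's Internet traffic into the tunnel.
    The plain LAN-to-LAN pair stays, so every other host keeps using ISP1."""
    tunnel = Tunnel(selectors=[
        (XG_LAN, UTM_LAN),                                # normal site-to-site pair
        (ip_network(f"{SERVER}/32"), remote_for_server),  # extra pair for the one server
    ])
    xg = Site("XG", XG_LAN, ISP1_IP, tunnel)
    utm = Site("UTM9", UTM_LAN, ISP2_IP, tunnel,
               snat_sources=[ip_network(f"{SERVER}/32")] if snat_on_utm else [])
    return xg, utm


if __name__ == "__main__":
    for remote, snat in ((UTM_LAN, True), (ANYWHERE, False), (ANYWHERE, True)):
        xg, utm = build(remote, snat)
        exit_point, seen_as, trace = egress(SERVER, "93.184.216.34", xg, utm)
        print(f"remote={remote} snat={snat}: leaves via {exit_point} as {seen_as}")
        for line in trace:
            print("   ", line)
```

Only the last combination (0.0.0.0/0 as the remote network for the server plus an SNAT rule for it on the UTM) makes a public web server see the ISP2 address; the other hosts on the XG LAN, and the server's own traffic to the UTM LAN, are unaffected by that extra selector pair.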