Configuring link LAN TO LAN

Hi, and welcome to the UTM Community!

If you have two separate interfaces in the same subnet, you will have routing problems.  Please show a picture of the 'Interfaces' tab from one of the UTMs.

Do I understand correctly that you have two different WAN connections on each UTM and that you want the VPN to fail over to a slower connection if the faster one is down?

Cheers - Bob

Hi, thank you.

I have same interfaces in the same subnet, but on switch Vlan´s separete.

Maybe I wasn't clear in my request.

What I need is to define the priority of the primary link and it's failovers.

Here is the configuration I need.

Link1 - 10.10.10.4/28 >>>>>>>>>> Primary
Link2 - 10.10.10.20/28 >>>>>>>>> Failover, to be enabled ONLY if Link1 fails

If both the links above fail, I want the VPN site to site to be used.

Its possible on Sophos UTM?

Thank you

Looks like you only need static routes for the 3 different connections with the lowest metric for the highest priority connection.

The VPN connection needs to be bound to the local interface otherwise it will always take precedence. When you bind it to local interface you can control it with custom created routes.

Arno, I think I would do the first two with Uplink Balancing and an Any->Any->Any Multipath rule bound to Link 1 if they're WAN connections.  If they're not Interfaces with a default gateway, then your solution is what I would do, too.

For the VPN, Welisson, I may be confused.  Is the VPN to be done on a third link, or is this via a WAN connection that is neither Link 1 nor Link 2?  If this is a WAN connection, then you have two options.  The one suggested by apijnappels will give you virtually-instantaneous failover.  If instant failover isn't desired, you can use Uplink Monitoring to start the VPN when both of the other links have failed.  In this case, you will want to configure 'Monitoring Hosts' on the 'Advanced' tab.

Cheers - Bob

Hello,

I created the routes:

Network "Internal LAN1 - 10.5.0.0/16" --> Gateway "10.10.10.3" Metric 4   (created with sucess and enable)

Network "Internal LAN1 - 10.5.0.0/16" --> Gateway "10.10.10.19" Metric 5 (created with sucess, error to enable "the network 10.5.0.0/16 already in use by the destionation network attribute of the static route object to 10.5.0.0.

Don´t worked route with gatewat diferent to same network.

Is there another way?

If link1 and link2 are both active links on separate interfaces (with default gateways set) you can use Uplink balancing for this (like Balfson has explained).

For the VPN, you might be able to use Interfaces and routing -> Uplink monitoring -> actions and then enable the IPSec site-to-site tunnel between the two UTM's (where you have it disabled in normal operation).

Hello,

Interface1 Link 2 (interface1 link1 same configuration)

Interface2 Link 2 (interface1 link1 same configuration)

Uplink Balancing

MultiPath Rule

Balanced to:  group interfaces "Link1 - 10.10.10.3/28" and "Link2- 10.10.10.19/28"

Don´t work, something wrong?

Thank you

Review #3.1 in Rulz.

Cheers - Bob

Resolved with a Policy Route.
And was necessary enable option "Bind tunnel to local interface" on VPN.
Thank you

Resolved with a Policy Route.
And was necessary enable option "Bind tunnel to local interface" on VPN.
Thank you