MetroE with IPsec VPN backup

Thanks, in advance.

Testing site-to-site VPN as backup in case primary MetroE link fails.
Core 192.168.23.0/24 - Public: x.x.x.x
Remote 192.168.1.0/24 - Public: y.y.y.y
ALL traffic from remote goes through MetroE line, to Core, and out to internet through Sophos (if not bound for core).  

Remote Router > Core Router > Sophos UTM > Internet (Primary)
Remote Router > Cisco ASA > Internet > Sophos UTM > Core Router (Backup)

Core router has IP SLA configured.  When Remote Router stops responding to ping, route is removed from Core routing table, and new route placed in table directing traffic bound for Remote network to the Sophos UTM.  Remote Router has similar config, sending traffic either to Core Router or to Cisco ASA.  

When Tunnel is Up, traffic from remote to core flows appropriately, but traffic to internet is not returned to remote subnet.  Routing table shows Remote traffic should be sent through VPN tunnel.  Core Router redistributes static route, if available, to Sophos UTM using OSPF.  This route shows up when VPN Tunnel is down or Bind to Interface is selected.  

How do I configure the Sophos such that the Local MetroE route is preferred over the IPsec VPN route?


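The tracked-static-route failover the post describes on the Core router, written out as an added Cisco IOS example (not configuration from the original post). The MetroE next hop 10.0.0.2, the interface names, and the UTM's LAN address 192.168.23.1 are assumed values; the subnets are the ones named in the post.

```cisco
! Added example, not from the original post. Assumed addresses:
!   10.0.0.2        = Remote Router's end of the MetroE link
!   192.168.23.1    = Sophos UTM LAN interface (next hop for the backup path)
!
! Probe the Remote Router across the MetroE link every 10 seconds.
ip sla 1
 icmp-echo 10.0.0.2 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object goes DOWN when the probe stops getting replies.
track 1 ip sla 1 reachability
!
! Primary: Remote subnet via MetroE, installed only while track 1 is UP.
ip route 192.168.1.0 255.255.255.0 10.0.0.2 track 1
!
! Backup (floating static, AD 250): Remote subnet via the UTM, which
! carries it over the IPsec tunnel. Only installed once the primary
! route is withdrawn, so the MetroE path is always preferred when alive.
ip route 192.168.1.0 255.255.255.0 192.168.23.1 250
!
! Advertise whichever static is currently installed to the UTM over OSPF,
! as the post says the Core router does.
router ospf 1
 redistribute static subnets
```

The UTM only learns the Remote subnet via OSPF while the MetroE route is installed, so whether it prefers that route over the IPsec policy route is what decides the return path for Internet traffic.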
  • Hi, beggenberger, and welcome to the User BB!

    Without knowing what's configured where in which device, it's hard to follow your solution.  If there were a UTM in each location, the solution I suggested in PTP Wireless network and WAN Connection Failover would seem to be what you want, too.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA