Hi All,
I have two sophos UTM's running ok and they connect to each other for a site-to-site vpn.
Recently at one site, we have had the need to isolate our vpn traffic from our production traffic. As a result, we have purchased a new uplink from our data center. I have plugged this new uplink into interface 5 of our SG310. I assigned the interface a new ip address from a new block assigned by the datacenter and am able to ping it from the internet. (ie our primary link and this new link have addresses from two different networks).
Next step, I have made very minor modifications on both sides to get the vpn tunnel up and working. Tunnels are green and working.
However, one thing I notice, it appears as if most of the new bandwidth I have purchased (20mbps) that I am sending across is still using the first the link and not the second we just purchased. It does appear some traffic is flowing across it though, maybe 1 of 20 mbps.
I do not have any additional routing set in. I've just selected automatic firewall rules. I have checked and unchecked the strict policy in the vpn config to no avail.
I have also tried the option to 'bind tunnel to local interface'. I think I'm on to something here, when I select this though, I am unable to ping across the vpn.
Any help appreciated.
UPDATE: I suspect what is happening is that traffic is leaving my secondary wan interface and routing itself through the main wan interface then through the default gateway. I tried putting a policy route in to push the traffic through the new interface but the tunnel dies with the addition of a policy route.
I don't know if this is a bug in sophos or just not doing it right. I'm wondering if I should consider removing the default gateway and just adding routes, but this is production so I can't really mess around to much.
PS - we are not interested in making either of these uplinks redundant to each other, we are already fully redundant in that regard.
This thread was automatically locked due to age.
