IPSec - Additional IP's

Ran into this one today.

The UTM has IPSec running to 6 sites on its primary interface. It also has additional static IPv4 addresses as additional IPs on its primary interface.

We need to allow IPSec to another RAS server behind the UTM via NAT whilst still using the UTM's IPSec.

But can't choose the additional interface.



This thread was automatically locked due to age.
  • Hi  

    I could not understand your requirements. Do you want to DNAT traffic on the additional interface, or DNAT on the additional interface to a server over an IPSec tunnel?

    Regards

    Jaydeep

  • You will find that you can't DNAT IPSec traffic for an additional IP if you are using IPSec on the Primary interface already. There is no option for it.

  • IPsec site-to-site can use an additional IP depending on the definition of the VPN ID Type, Louis, but it applies to all IPsec traffic instead of selected ones.  Your idea in your other thread to have multiple Interfaces would seem to be the direction you will want to go.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA