How do I configure AT&T EaMIS / WAN subnet routing?

Hi all,

At one of our new locations where we installed a new AT&T fiber optic internet circuit we received different routing and IP information than for our other locations where we have fiber optic internet service. Usually (from Zayo, Verizon, etc.) we simply receive our IP addresses (IP subnet), a gateway and a subnet mask we configure our WAN interface with. At those locations and the new one we simply get fiber optic handoffs from the carriers that we run into our Sophos UTMs (with FleXi Port modules).

At our newest location where we are in the process of installing an AT&T fiber optic circuit we received the following:

AT&T Router WAN IP: 12.252.---.225/30
Customer Router IP: 12.252.---.226/30
Customer LAN IP: 12.97.---.120/29
SubNet Mask: 255.255.255.248

AT&T separates here into customer WAN and customer LAN. For us both subnets are WAN facing even the customer LAN portion. The customer LAN portion we actually want to use as our WAN IP addresses that we assign to our external interface. As always internally we use the Sophos UTM DHCP service to assign internal IP addresses.

To me this looks as if I had to do some additional WAN routing.

How do I configure all this on just the Sophos UTM? If you can help, please explain the steps in detail. I do not want to install a separate additional router that is in between the Sophos UTM and the carrier handoff.

Your help is greatly appreciated!
We are really stuck here.

Best,
Daniel



  • Hi Daniel

     

    I had the same issue; couldn't figure out how to do a /30 transit address and a /29 handoff in the same UTM.

    I ended up purchasing an edge router to get my network up and running.

    But if it can be done in the UTM, then I would much prefer to do it that way.

    Have you been able to do it?

     

    Thanks

    George

  • Hi George,

    Take a look here: https://community.sophos.com/products/unified-threat-management/f/general-discussion/22683/sophos-utm-internal-routing

    This explains the issue in more detail and I provided a lot more information there on what we were trying to solve for. Unfortunately, I still don't have any more information than provided in my post there from July 14, 2016 at 4:06PM.

    Here is how we configured it on our Sophos UTM 9.5:

    Interfaces & Routing > Interfaces > Interfaces:

    Here we configured the /30 subnet for our WAN interface.

    Interfaces & Routing > Interfaces > Additional Addresses:

    Here we added all the additional IP addresses from the customer subnet we received. You can add as many as you have or need for separate traffic routing.

    Network Protection > NAT > NAT:

    Here you specify how to route with the various additional IP addresses. In my examples above, we send all the traffic coming from the LAN using any service going out to the Internet with one of the additionally configured IP addresses instead of the default /30 subnet IP address configured for the WAN interface.

    All this works as long as you don't use Web Protection > Web Filtering for that certain network or host. If you do, no matter what you have configured, Sophos UTM up until the current version 9.5 reverts back to what you have configured in Interfaces & Routing > Interfaces > Interfaces and only uses the /30 subnet customer IP address, even though you might have configured a different behavior with additional IP addresses and NAT. It simply gets ignored. I have not found a solution or workaround for this.

    I hope all this helps. Let me know in case you have any further questions.

    Best,
    Daniel
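
The addressing plan and egress behaviour described in the reply above can be checked before touching the firewall. This is an added example, not part of the original posts and not Sophos code: the addresses are constructed from documentation ranges (the thread's real octets are elided), the internal networks and SNAT mapping are hypothetical, and the fallback to the /30 address when no rule matches is an assumption.

```python
import ipaddress as ipa

# Constructed sample plan; the last octets mirror the layout in the thread.
TRANSIT = ipa.ip_interface("192.0.2.226/30")    # customer router IP on the /30
CARRIER_GW = ipa.ip_address("192.0.2.225")      # carrier router WAN IP
ROUTED = ipa.ip_network("198.51.100.120/29")    # "Customer LAN" block routed to us
ADDITIONAL = [ipa.ip_address("198.51.100.121"), ipa.ip_address("198.51.100.122")]
# Hypothetical SNAT rules: internal network -> source address to use outbound
SNAT = {ipa.ip_network("10.10.0.0/24"): ipa.ip_address("198.51.100.121"),
        ipa.ip_network("10.20.0.0/24"): ipa.ip_address("198.51.100.122")}
WEB_FILTERED = {ipa.ip_network("10.20.0.0/24")}  # networks behind Web Filtering


def check_plan(transit, gw, routed, additional, snat):
    """Return a list of problems with the addressing plan (empty if consistent)."""
    problems = []
    if transit.network.prefixlen != 30:
        problems.append("transit link is not a /30")
    if gw not in transit.network or gw == transit.ip:
        problems.append("carrier gateway is not the other host on the transit /30")
    if routed.overlaps(transit.network):
        problems.append("routed block overlaps the transit link")
    for addr in additional:
        if addr not in routed:
            problems.append(f"additional address {addr} is outside {routed}")
    for net, src in snat.items():
        if src not in additional:
            problems.append(f"SNAT source {src} for {net} is not an additional address")
    return problems


def egress_ip(client, transit, snat, web_filtered):
    """Source IP a remote site would see, per the behaviour described in the reply."""
    client = ipa.ip_address(client)
    if any(client in net for net in web_filtered):
        return transit.ip      # web-filtered traffic leaves from the /30 address
    for net, src in snat.items():
        if client in net:
            return src         # SNAT rule selects an additional address
    return transit.ip          # assumption: no rule means the interface address


if __name__ == "__main__":
    print(check_plan(TRANSIT, CARRIER_GW, ROUTED, ADDITIONAL, SNAT) or "plan OK")
    for host in ("10.10.0.5", "10.20.0.5", "10.30.0.5"):
        print(host, "->", egress_ip(host, TRANSIT, SNAT, WEB_FILTERED))
```

The second host shows why remote allow-lists keyed to an additional address can fail once Web Filtering is enabled for that network.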