How do I pass traffic through a central UTM from two separate sites?

I currently have the following setup: Site B >>> Site A <<< Site C, with A-B and A-C being IPSEC VPN connections. I am looking to pass traffic from Site C to Site B through Site A, but I'm not sure how I accomplish this.

 

I tried to define static routes, and NAT, but I feel like I'm looking in the wrong place. Any suggestions on how to set this up? Currently, Site C cannot even ping Site B.



This thread was automatically locked due to age.
  • Hello MarkBruchkowsky1,

    You have to put the remote LAN on the other site B/C from the VPN tunnel and also the local networks on A.

    E.g. Site A/B

    For Site A:
    Local Networks
    Site A
    Site C

    Remote Networks
    Site B

    For Site B:

    Local Networks:
    Site B

    Remote Networks:
    Site A
    Site C

     

    The same thing you have to do for Site A/C

    Afterwards you just have to set firewall rules

    Source:
    Site B
    Site C

    Services: Any

    Destination:
    Site B
    Site C
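
Added example, not part of any post in this thread and not Sophos tooling: a Python check of the local/remote network layout described in the reply above, run against both that layout and the two plain tunnels from the question. The 10.x subnets and all helper names are constructed for illustration; it models only the IPsec network definitions, not the firewall or ICMP settings.

```python
from ipaddress import ip_network

# Constructed sample subnets (assumption: the thread gives no addresses).
NETS = {"A": ip_network("10.1.0.0/24"),
        "B": ip_network("10.2.0.0/24"),
        "C": ip_network("10.3.0.0/24")}

def end(local, remote):
    """One end of an IPsec connection; "AC" means the networks of sites A and C."""
    return {"local": {NETS[s] for s in local}, "remote": {NETS[s] for s in remote}}

# Key (X, Y) is the connection configured on site X towards site Y.
# Layout from the reply: each hub tunnel also lists the other spoke as local.
HUB_AND_SPOKE = {("A", "B"): end("AC", "B"), ("B", "A"): end("B", "AC"),
                 ("A", "C"): end("AB", "C"), ("C", "A"): end("C", "AB")}
# Starting point in the question: two plain site-to-site tunnels.
PLAIN = {("A", "B"): end("A", "B"), ("B", "A"): end("B", "A"),
         ("A", "C"): end("A", "C"), ("C", "A"): end("C", "A")}

def mirrored(cfg, x, y):
    """Both ends must agree: x's local set is y's remote set and vice versa."""
    return (cfg[(x, y)]["local"] == cfg[(y, x)]["remote"]
            and cfg[(x, y)]["remote"] == cfg[(y, x)]["local"])

def covers(e, src, dst):
    """True if this end's networks admit src on the local side and dst on the remote side."""
    return (any(src.subnet_of(n) for n in e["local"])
            and any(dst.subnet_of(n) for n in e["remote"]))

def spoke_to_spoke(cfg, src, dst, hub="A"):
    """Problems on the path src -> hub -> dst; an empty list means both tunnels carry it."""
    problems = []
    for x, y in ((src, hub), (hub, dst)):
        if not mirrored(cfg, x, y):
            problems.append(f"{x}<->{y}: local/remote networks are not mirrored")
    # The source spoke encrypts towards the hub; the hub re-encrypts towards dst.
    for x, y in ((src, hub), (hub, dst)):
        if not covers(cfg[(x, y)], NETS[src], NETS[dst]):
            problems.append(f"{x}->{y}: networks do not cover {src} -> {dst}")
    return problems

if __name__ == "__main__":
    for name, cfg in (("plain", PLAIN), ("hub-and-spoke", HUB_AND_SPOKE)):
        print(name, spoke_to_spoke(cfg, "C", "B") or "OK")
```

Run the check in both directions (C to B and B to C), since a reply packet needs the reverse path to be covered as well.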

  • Thank you for the assistance DKNL. Unfortunately, having gone through all of those steps, I am still unable to ping Site C from Site B.

  • For ping you have to set the following options

    Network Protection

    Firewall -> ICMP

    Allow gateway forwards pings

    These must be done on all firewalls

  • Hi, Mark, and welcome to the UTM Community!

    I didn't look closely at the instructions above, but my impression was that you should have connectivity.  If not, compare to Hub and Spoke Help.

    If you have connectivity but can't ping, it's a different problem.  At some point, the settings on the ICMP tab only applied to outbound traffic and a separate firewall rule was required.  I don't know if it's still the case, but you might try a rule like '{B & C} -> Ping -> {B & C} : Allow'.

    Please let us know if that resolves your issue.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA