Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 10540 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to setup Site to Site IPSEC VPN When Both Sites is Behind NAT

xianx x

Hi,

Can someone help me with a step by step or by screenshots how to setup/config this option.

I want that all traffic is going out through site A. So all ip and dns requests.

 

 

Thks

 

Grtz



This thread was automatically locked due to age.
  • 0

    If you haven't figured it out yet, I would guess that SSL VPN is your best bet here.  Do you have the ability add port forwarding rules to the gateway routers?  If not, you may need to get creative.

  • 0 in reply to GoBlando

    Yes, i allready have SSL Site to Site VPN working.

    The probleem i have with the SSL Site to Site VPN is that DNS is leaking. See this post: community.sophos.com/.../ssl-vpn-dns-leak

    That is why i want to setup IPSEC to tunnel ip and dns request from site B.

    Any Idea

  • 0 in reply to xianx x

    I haven't tried this but you might be able to use a Dynamic DNS name on one of your locations and configure the main router in this location to have the UTM be a DMZ device (or at lease make sure all traffic is sent to the UTM).

    You would still need to make manual adjustments since most likely your UTM will not be default "find" the real public WAN address.

    It would be better if you could bridge one of the modems on one of the current locations so you don't have double-NAT on both locations.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels

    Also you might be able to use UTM to UTM RED connection..... you will then also have to manually configure routing between A and B, but it might be easier to configure in your situation with double NAT on both sides.

    Anyway you will want to configure at lease one main router to port forward to the UTM otherwise no traffic will ever reach the UTM.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Unfiltered HTML