Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 895 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec VPN routing

elbracht
We have 2 ASG220 with IPSec VPN  7.403
AS A needs to be the default GW for all internal networks, including the internal network of AS B

on AS A (Default GW) in IPSec->Connections->LocalNetworks we include  and "Any"
On AS B in IPSec-> Remote Gateways -> Remote Networks we include "Any"
That way AS A is the single point for NAT / Proxy / Packet Rules etc.

Once the VPN tunnel with IPSec is up, it works fine, EXCEPT AS B is not reachable (ping, https) on it's public address anymore.

Without the "Any" definition, AS B is reachable from public, but would have to do it's own NAT etc.
Strict Routing on or off makes no difference.

Any clue ?


This thread was automatically locked due to age.
Parents
  • 0
    I have to admit, I'm a bit confused without pictures.  I think you have 'Any' in the wrong place.  Take this out of Remote gateway for AS B and out of Local Netowrks for AS A.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I have to admit, I'm a bit confused without pictures.  I think you have 'Any' in the wrong place.  Take this out of Remote gateway for AS B and out of Local Netowrks for AS A.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Cookie Information Banner