Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 54329 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Access other Site to Site networks

PG10
I have an ASG installation with IPSec connections to two remote networks using Cisco RVS4000 VPN routers. Right now, if I am at the main location with the ASG, I can access everything. If I am at either of the two other locations I can only access the local network and the ASG's network and not the other remote network. Same goes with remote access SSL VPN. I can access the main network, but not either of the IPSec Site to Site networks. I have packet filter rules in place that would allow for the connection to go through. I also have "Any" for allowed networks in the SSL VPN config. Not sure what I'm doing wrong and I can't seem to find any guides that address this setup. Any advice would be greatly appreciated!

Thanks!

-Phil


This thread was automatically locked due to age.
Parents
  • 0
    Hi Phil,

    While the snat trick can be used (sometimes to great effect) its not technically required in order for a remote site to access another via the HQ when you are setup as a hub/spoke topology.

    What you need to do is disable the strict routing control of the tunnel, as this will then allow for the "passthrough" routing that you are lacking, (and solving with SNAT). This has the same effect, but requires less work (and less resulting configuration) to accomplish.

    Might be something you want to try.
  • 0 in reply to AngeloC
    Oh, very cool. I was afraid of turning off anything that said "strict" to avoid being loosey goosey.

    I thought "why would I not want strict routing?"
Reply Children
No Data