I am trying to set up a separate work related network in my home. Originally I have my firewall set up with an inside interface with a few 192.168.x.x subnets and outside interface set as default route to the Internet. It is providing several services such as proxy, ntp, email forwarding, etc successfully using AD for authenticating web traffic. At this point, everything is working exactly as expected.
Now what I want to do is set up a new internal “work” interface in the 10.x.x.x network and have all traffic for this subnet go over an IPSec tunnel while leaving the inside interface alone. The tunnel itself was easy enough to set up but the routing is eluding me at this time.
Under Connections I have an IPSec connection set up with my internal 10.x.x.x subnet listed as the Local network and Strict Routing enabled. In Remote Gateway s tab I can set up 0.0.0.0 for the remote networks and the tunnel connection works as expected but all routing for my 192.168.x.x network now fails. If I try to ping an external IP, such as google.com, from the firewall it will fail. If I change the remote networks to 10.0.0.0/8 then I can still get to my work network from the internal work interface and I can now route the home inside interface as expected. However, I have several subnets I need to get to over the tunnel and really need to leave it at 0.0.0.0.
I really need to route everything from my work interface out the tunnel and to segregate the inside from the work interfaces.
Update: apparently, only the routing on the firewall itself is affected. I can ping IP's and Trace route from internal networks through the firewall but can't resolve hostnames since the firewall is being used as a forwarder. I also found that ping and traceroute do not work on the firewall using the tools section??
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
