So in my mind this sounds like an easy process, but in practice the solution I've come up with is a bit hacky and I was wondering if there was a simpler way.
Pretty much I have a Site-to-Site SSL-based VPN between the local UTM (192.168.3.1) and the remote UTM (192.168.5.1). I then have a VPN gateway at 192.168.5.4, and all I want to do is say, for example, that "www.google.com" gets routed over the Site-to-Site and to the VPN gateway.
On the remote UTM I have a simple static gateway route for "www.google.com" -> 192.168.5.4, so everything on the 192.168.5.0/24 network uses the correct gateway. However, of course just adding a static route on the local UTM for "www.google.com" -> 192.168.5.4 wouldn't work, so instead I have a static route for "www.google.com" -> 10.245.2.5 (aka the tun0 gateway for the Site-to-Site interface), then just some simple firewall rules on the remote end to allow traffic from the tun0 address, and I also added a catch-all policy route for the tun0 address through to 192.168.5.4 just in case the two DNS group IP lists don't match.
There must be a simpler way! It seems like it should be a common requirement, so I must be missing something here!
Thanks
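To make the "DNS group lists don't match" concern concrete, here is an added model of the routing described in the post (example code written for this thread, not a Sophos UTM feature or the poster's configuration). It assumes the remote UTM sees tunnel traffic as coming from the tun0 address 10.245.2.5, as the post's firewall and policy rules imply, and uses constructed sample resolver answers in the 192.0.2.0/24 documentation range.

```python
import ipaddress

# Addresses as given in the post.
LOCAL_TUN0 = "10.245.2.5"        # local UTM's end of the site-to-site tunnel
REMOTE_VPN_GW = "192.168.5.4"    # VPN gateway behind the remote UTM

# Constructed sample resolutions of the DNS group on each UTM. The two
# resolvers disagree, which is exactly the mismatch the post guards against.
LOCAL_DNS_GROUP = {"192.0.2.10", "192.0.2.11"}
REMOTE_DNS_GROUP = {"192.0.2.10"}


def route_table(dns_group, gateway):
    """Host routes for every address in a DNS group, plus a default route."""
    table = [(ipaddress.ip_network(addr), gateway) for addr in dns_group]
    table.append((ipaddress.ip_network("0.0.0.0/0"), "internet"))
    return table


def lookup(table, dst):
    """Longest-prefix match, the way a router selects a next hop."""
    dst = ipaddress.ip_address(dst)
    best = max((net for net, _ in table if dst in net), key=lambda n: n.prefixlen)
    return next(gw for net, gw in table if net == best)


def remote_next_hop(dst, src, policy_route=True):
    """Remote UTM: a policy route keyed on the tunnel source wins over static routes."""
    if policy_route and src == LOCAL_TUN0:
        return REMOTE_VPN_GW
    return lookup(route_table(REMOTE_DNS_GROUP, REMOTE_VPN_GW), dst)


def end_to_end(dst, policy_route=True):
    """Where a packet from the 192.168.3.0/24 side ends up for destination dst."""
    first_hop = lookup(route_table(LOCAL_DNS_GROUP, LOCAL_TUN0), dst)
    if first_hop != LOCAL_TUN0:
        return "internet-direct"   # not in the local DNS group: never enters the tunnel
    # Assumption: traffic leaving via tun0 arrives at the remote UTM sourced from LOCAL_TUN0.
    return remote_next_hop(dst, LOCAL_TUN0, policy_route)


if __name__ == "__main__":
    for addr in sorted(LOCAL_DNS_GROUP | {"203.0.113.5"}):
        print(addr, "with policy route:", end_to_end(addr),
              "| without:", end_to_end(addr, policy_route=False))
```

Without the catch-all policy route, an address the local UTM resolved but the remote UTM did not falls through to the remote default route and leaves via the remote internet uplink instead of the VPN gateway.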