Port Forwarding site traffic over VPN

Hi All,
I've been working on accomplishing something the last couple days and I'm not having much luck.  I've looked over the forums and found somewhat similar issues, but none of them seem to really help with the problem I'm having.

Basically I have two sites that are connected via an IPsec tunnel.  One of the sites has been whitelisted for traffic to come to it to one of our vendors, so I want to have specific web traffic routed through the smaller office to the main one.  
What I've done is try to set up a routing policy at the smaller satellite office as follows:

Position: 1
Route Type: Gateway route
Source interface: any
Source network: any
Service: any
Destination network: /24 of the IPs the vendor uses
Gateway: the internal IP gateway at the main office

Traceroutes are showing that this isn't going through the main office at all, nor can I ping it (which is normal, the other office is out of the country).  Am I barking up the wrong tree here?  Is there a better way I should be doing this?


  • Not sure if this would work, but I think you should use NAT for this.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hi, r b okie and welcome to the User BB!

    Routing and VPNs don't play well together.  If I understand correctly, you just need to add the "/24 of the IPs the vendor uses" subnet to the tunnel - to 'Local networks' in the Main office and to 'Remote networks' in the Branch.

    You might need a NAT instead.  Let us know if my suggestion doesn't work for you.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the suggestions!  I'm going to give it a bit more work and report back.  
    This has been a more complicated networking issue than I'm used to, but it's certainly been a good learning experience...
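
The suggestion above to add the vendor subnet to the tunnel definition, sketched as an added example that is not part of the original thread: a simplified model of policy-based IPsec selector matching, assuming a tunnel only carries packets whose source and destination fall in its configured Local and Remote networks. All addresses are constructed (private and documentation ranges), and the `Tunnel` class and function names are hypothetical, not Sophos APIs.

```python
import ipaddress

class Tunnel:
    """One end of a policy-based IPsec tunnel (simplified, hypothetical model)."""
    def __init__(self, local, remote):
        self.local = {ipaddress.ip_network(n) for n in local}
        self.remote = {ipaddress.ip_network(n) for n in remote}

    def selects(self, src, dst):
        """True if a packet src -> dst matches a Local/Remote selector pair."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return any(s in n for n in self.local) and any(d in n for n in self.remote)

def mirrored(a, b):
    """Both ends must list the same networks with Local and Remote swapped."""
    return a.local == b.remote and a.remote == b.local

def path(tunnel, src, dst):
    """Where this end sends the packet under the model's assumption."""
    return "ipsec tunnel" if tunnel.selects(src, dst) else "default route (WAN)"

# Constructed sample networks: main office LAN, branch LAN, vendor /24.
MAIN_LAN, BRANCH_LAN, VENDOR = "10.1.0.0/24", "10.2.0.0/24", "203.0.113.0/24"
CLIENT, VENDOR_HOST = "10.2.0.50", "203.0.113.10"

# Original site-to-site definition: LAN to LAN only.
branch_before = Tunnel([BRANCH_LAN], [MAIN_LAN])
main_before = Tunnel([MAIN_LAN], [BRANCH_LAN])

# Suggested change: vendor subnet added to 'Remote networks' at the branch
# and to 'Local networks' at the main office.
branch_after = Tunnel([BRANCH_LAN], [MAIN_LAN, VENDOR])
main_after = Tunnel([MAIN_LAN, VENDOR], [BRANCH_LAN])

if __name__ == "__main__":
    print("before:", path(branch_before, CLIENT, VENDOR_HOST))
    print("after: ", path(branch_after, CLIENT, VENDOR_HOST))
    print("both ends changed, selectors agree:", mirrored(branch_after, main_after))
    print("only branch changed, selectors agree:", mirrored(branch_after, main_before))
```

The `mirrored` check covers the case where only one office is updated: the two ends then disagree on the selectors.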