
how to route between 2 remote networks via VPN

Hello forum users,

I have this setup:

1. network (Watchguard Firebox)
192.168.44.0/24

2. network (Astaro UTM 9)
10.10.200.0/24
10.20.100.0/24
10.20.200.0/24

3. network (Checkpoint)
10.10.211.0/24

Network 1 has a working VPN tunnel to network 2. Network 2 has a route (via a gateway 10.20.200.1) to network 3, also a VPN tunnel.

I would like to route traffic from network 1 to network 3, from a source on the 192.168.44.0/24 net to a destination on the 10.10.211.0/24 net.
On the Astaro UTM itself, I can ping in any direction and reach all hosts on both remote networks 1 and 3.

I am not really familiar with static routes and such, please kindly point me to the right direction, if possible.

Thanks to all.
playersons


This thread was automatically locked due to age.
  • Assuming you cannot create a VPN tunnel between 1 and 3 you will have 2 possibilities:

    1) Make sure that both VPN tunnels have ALL remote subnets listed.
    From 1: Local = 192.168.44.0/24, Remote = 10.10.200.0/24, 10.20.100.0/24, 10.20.200.0/24 AND 10.10.211.0/24

    From 3: Local = 10.10.211.0/24, Remote = 10.10.200.0/24, 10.20.100.0/24, 10.20.200.0/24 AND 192.168.44.0/24

    From 2 you have to match these subnets in the respective VPN tunnels.

    2) Using SNAT in network 2: source network 1, destination network 3, change source to network 2.
    If you also need access from network 3 to network 1 you have to do the same in reverse.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
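The two options above come down to which source/destination pairs each tunnel's Phase 2 selectors accept. The following Python model is an added example, not code from this thread or from Sophos; it uses the thread's subnets and walks a packet from site 1 through the hub (site 2) to site 3, once with the tunnels as first described, once with all remote subnets listed (option 1), and once with SNAT at the hub (option 2). The hub address used as the SNAT source, `10.20.200.254`, is an assumed value, and the model assumes the hub's own tunnel definitions mirror the spoke selectors, as the answer requires.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Subnets as given in the thread.
SITE1 = [ip_network("192.168.44.0/24")]                       # Watchguard
SITE2 = [ip_network(n) for n in ("10.10.200.0/24",
                                 "10.20.100.0/24",
                                 "10.20.200.0/24")]            # Astaro UTM (hub)
SITE3 = [ip_network("10.10.211.0/24")]                        # Checkpoint

# Assumed value (not from the thread): a hub address used as the SNAT source
# for option 2, so that site 3 only ever sees a site-2 source.
HUB_SNAT_SRC = "10.20.200.254"


@dataclass
class Tunnel:
    """Phase 2 selectors of a policy-based tunnel, as seen from one endpoint."""
    name: str
    local: list
    remote: list

    def matches(self, local_ip, remote_ip):
        """True if the pair falls inside one of this endpoint's local/remote selectors.
        Anything outside the selectors is not encrypted and simply never enters the tunnel."""
        return (any(local_ip in n for n in self.local)
                and any(remote_ip in n for n in self.remote))


def check_path(tun_site1, tun_site3, src, dst, snat_src=None):
    """Walk a packet src -> dst through the hub.
    Returns (leg1_ok, leg2_ok, source_address_seen_by_site3)."""
    src, dst = ip_address(src), ip_address(dst)
    # Leg 1, site 1 -> hub: site 1's tunnel must list dst among its remote subnets.
    leg1 = tun_site1.matches(src, dst)
    # The hub may rewrite the source (option 2) before forwarding via 10.20.200.1.
    hub_src = ip_address(snat_src) if snat_src else src
    # Leg 2, hub -> site 3: from site 3's view dst is local and hub_src must be remote.
    leg2 = tun_site3.matches(dst, hub_src)
    return leg1, leg2, str(hub_src)


def scenarios(src="192.168.44.10", dst="10.10.211.20"):
    """Constructed sample flow from site 1 to site 3 under each configuration."""
    results = {}

    # As first described: each spoke only knows the hub's subnets.
    s1 = Tunnel("site1->hub", SITE1, SITE2)
    s3 = Tunnel("site3->hub", SITE3, SITE2)
    results["no change"] = check_path(s1, s3, src, dst)

    # Option 1: every remote subnet listed in both tunnels (and mirrored on the hub).
    s1_full = Tunnel("site1->hub", SITE1, SITE2 + SITE3)
    s3_full = Tunnel("site3->hub", SITE3, SITE2 + SITE1)
    results["option 1"] = check_path(s1_full, s3_full, src, dst)

    # Option 2: site 1 still needs site 3's subnet in its tunnel, but site 3's tunnel
    # is untouched because the hub SNATs the source into network 2.
    results["option 2"] = check_path(s1_full, s3, src, dst, snat_src=HUB_SNAT_SRC)
    return results


if __name__ == "__main__":
    for name, (leg1, leg2, seen) in scenarios().items():
        print(f"{name:10s} leg1={leg1!s:5} leg2={leg2!s:5} src seen by site 3={seen}")
```

Running it shows why the second reply still asks for network 3's subnet on the Watchguard side: with SNAT, leg 2 passes without touching the Checkpoint, but leg 1 fails unless site 1's tunnel lists 10.10.211.0/24. Reverse traffic (site 3 to site 1) is not modelled; as the answer notes, option 2 needs a matching SNAT in the other direction for that.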

  • I like your first solution better - much cleaner.  Gert explained that very well almost five years ago, and I then summarized his description in https://community.sophos.com/products/unified-threat-management/astaroorg/f/68/t/58783

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the helpful answers. I forgot to mention that I do not have any privileges for the Checkpoint gateway of network 3, so I will try the SNAT option as suggested. I assume that I have to add some sort of static route for network 1?

    Thank you,
    playersons
  • No, you shouldn't need static routing, since your Watchguard in network 1 already knows about the subnets because they need to be configured in the VPN tunnel. You will need to configure network 3's subnets in both network 1's and network 2's VPN config.
    Of course this means that you will have to have privileges in both network 1 and 2.


  • Thank you very much, this solved it.

    playersons
  • You're welcome!
