how to route between 2 remote networks via VPN

Hello forum users,

I have this setup:

1. network (Watchguard Firebox)
192.168.44.0/24

2. network (Astaro UTM 9)
10.10.200.0/24
10.20.100.0/24
10.20.200.0/24

3. network (Checkpoint)
10.10.211.0/24

Network 1 has a working VPN tunnel to network 2. Network 2 has a route (via a gateway 10.20.200.1) to network 3, also a VPN tunnel.

I would like to route traffic from network 1 to network 3, from a source on the 192.168.44.0/24 net to a destination on the 10.10.211.0/24 net.
On the Astaro UTM itself, I can ping in any direction and reach all hosts on both remote networks 1 and 3.

I am not really familiar with static routes and such; please kindly point me in the right direction, if possible.

Thanks to all.
playersons


  • Assuming you cannot create a VPN tunnel between 1 and 3 you will have 2 possibilities:

    1) Make sure that both VPN tunnels have ALL remote subnets listed
    From 1: Local = 192.168.44.0/24, Remote = 10.10.200.0/24, 10.20.100.0/24, 10.20.200.0/24 AND 10.10.211.0/24

    From 3: Local = 10.10.211.0/24, Remote = 10.10.200.0/24, 10.20.100.0/24, 10.20.200.0/24 AND 192.168.44.0/24

    From 2 you have to match these subnets in the respective VPN-tunnels.

    2) Second option is using SNAT in network 2: Source network 1, destination network 3, change source to network 2
    If you also need access from network 3 to network 1 you have to do the same in reverse.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT-security and feeling good about helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
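
Option 1 in the reply above can be checked on paper before any of the three firewalls is changed. The following is an added example, not part of the original reply: it assumes both tunnels are policy-based IPsec (a packet only enters a tunnel when it matches a local/remote selector pair), the `BEFORE` selectors are a constructed guess at the starting configuration, and the dictionary keys and function names are hypothetical.

```python
from ipaddress import ip_network

N1, N3 = "192.168.44.0/24", "10.10.211.0/24"                  # from the thread
HUB = ["10.10.200.0/24", "10.20.100.0/24", "10.20.200.0/24"]  # network 2

def covers(selectors, net):
    """True if one selector contains the whole of net."""
    return any(ip_network(net).subnet_of(ip_network(s)) for s in selectors)

def tunnel_gaps(name, near, far, src, dst):
    """near and far are the (local, remote) selector lists configured on the
    two ends of one tunnel; near is the end on the src side."""
    checks = [("src-side local", near[0], src), ("src-side remote", near[1], dst),
              ("dst-side local", far[0], dst), ("dst-side remote", far[1], src)]
    return [f"{name}: {label} selectors lack {net}"
            for label, sel, net in checks if not covers(sel, net)]

def path_gaps(cfg, src=N1, dst=N3):
    """Walk src -> hub -> dst and collect every selector that would drop it."""
    return (tunnel_gaps("tunnel 1-2", cfg["site1"], cfg["hub_to_1"], src, dst)
            + tunnel_gaps("tunnel 2-3", cfg["hub_to_3"], cfg["site3"], src, dst))

# Constructed starting point: each tunnel only knows its own two endpoints.
BEFORE = {"site1": ([N1], HUB), "hub_to_1": (HUB, [N1]),
          "hub_to_3": (HUB, [N3]), "site3": ([N3], HUB)}

# Option 1 from the reply: every tunnel also lists the far remote subnet.
OPTION1 = {"site1": ([N1], HUB + [N3]), "hub_to_1": (HUB + [N3], [N1]),
           "hub_to_3": (HUB + [N1], [N3]), "site3": ([N3], HUB + [N1])}

if __name__ == "__main__":
    for title, cfg in (("before", BEFORE), ("option 1", OPTION1)):
        gaps = path_gaps(cfg)
        print(title, "->", "no gaps" if not gaps else "")
        for g in gaps:
            print("   ", g)
```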
