Dear BAlfson,
Can you enlighten me on a scenario I'm trying to solve here?
I have exactly the same scenario as described here:
https://community.sophos.com/products/unified-threat-management/astaroorg/f/102/t/69431
I've also tried creating "Availability Groups" for use in the VPN config. No use, as "override hostname" doesn't accept Availability Groups (as described in the link above).
I've also tried static routes but the VPN SSL tunnel has a default metric of "0" so they stand above my rules. To counter that setting I've tried a more restrictive static route (for a group of subnets instead, narrowing it so it would move up on the routing table). When I do that, the routing works but if my L2L fails I can't reach the other end with the VPN tunnel as it forces my packets through the L2L.
I've tried policy routing but get the same results as the solution right above.
To be more specific, my scenario is as follows:
ASG 1
/ |_______\
| |________|
(Internet)____(Lan-to-Lan)
| |________|
\ |_______/
ASG 2
I need to set this up in a way that ASG 1 and 2 talk to each other over the dedicated L2L link, but if the L2L fails, the connection goes over the VPN (SSL) using the public internet interfaces.
The L2L can't be a default gateway because it doesn't treat internet traffic. I have created an availability group in this order (L2L > Uplink 1 > Uplink 2) but I can't set it up in the SSL VPN settings.
Since the scenario posted by Ölm, in the link I mentioned, is from 2009; is there a way to set up a VPN using availability groups which I failed to see? If not, is there another way to make this scenario work?
Thanks in advance.
Regards,
Thiago.