Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 18743 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP Relay through IPsec tunnel

DigitalLuminary
Hello everyone,

I've been beating my head on this one for a while now and I can't seem to figure it out. I am trying to relay DHCP requests from a remote network to a DHCP server (Windows 2008 SBS PDC) on the local LAN. So far I can use local LAN DNS names from the remote network and can log into the local router from the remote LAN, however, I cannot PING any machine from the Local network to the Remote network just the gateway/router (192.168.1.1). My configuration thus far:

Local LAN (Sophos UTM9 FullGuard)
Local Network: 192.168.0.0/24
DHCP Server: 192.168.0.2 (Windows PDC)
UTM DHCP Relay: Internal(Interface) -> 192.168.0.2

Remote LAN (Sophos UTM9 Home Edition)
Local Network: 192.168.1.0/24
UTM DHCP Relay: Internal(Interface) -> 192.168.0.2 (Will NOT let me add the External(WAN) interface)

What I am I missing here? My intuition says a Full NAT rule, but i'd have no idea how to set one up.


This thread was automatically locked due to age.
Parents
  • 0
    You're right, Barry, it's probably just as secure as an IPsec tunnel.  I don't feel like it's a good idea to do either if any insecure device or person at home can connect to the office.  A separate DMZ at home could work though.

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    You're right, Barry, it's probably just as secure as an IPsec tunnel.  I don't feel like it's a good idea to do either if any insecure device or person at home can connect to the office.  A separate DMZ at home could work though.

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML