Does anyone know if there's been so much as a peep of interest/understanding from Sophos on this issue: "Expand ipsec.conf control to webadmin"?
I've got a UTM instance running in an Amazon VPC, so by definition it's behind whatever network infrastructure Amazon uses, and therefore the public IP (EIP) I'm using as a peer IP for VPNs is NOT something the UTM itself is aware of. As a result, it advertises its address as being its private IP, which causes all manner of problems with many VPN implementations: Check Point and Palo Alto devices, at the very least.
In those cases, I need to tell the other side to set the VPN ID for my end of the connection to the PRIVATE IP of my Sophos UTM, rather than the public peer IP. This works... but it's ridiculous that the other side needs to know anything about the private network at my end. The whole point of NAT is that they should only see and care about the NAT IP address.
Unfortunately, because the UTM GUI doesn't allow setting the LEFTID parameter, I can't make it use the right IP.
I don't understand why the whole usefulness of this product has to be crippled by not exposing one simple parameter that the underlying software already uses. Sure, I can void my support/warranty and hack the ipsec.conf myself, but the whole reason I bought an appliance was to avoid that sort of thing.
Anyway, the feature request above already lays out the whole situation pretty well. Hope we'll see this make it into an update in my lifetime.
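For readers who want to see what the missing knob actually does, here is an added illustration in strongSwan-style ipsec.conf syntax; it is not from the original post, from the feature request, or from Sophos. The connection names and all addresses are made up (RFC 5737 documentation ranges): 10.0.1.5 stands for the UTM's private VPC address, 203.0.113.10 for its Elastic IP, and 198.51.100.20 for the Check Point or Palo Alto peer.

```ini
# Added example (not from the post or from Sophos): strongSwan-style ipsec.conf
# for a gateway behind 1:1 NAT such as an AWS Elastic IP. Connection names and
# addresses are hypothetical: 10.0.1.5 = UTM private VPC address,
# 203.0.113.10 = Elastic IP, 198.51.100.20 = remote peer.

# --- Without leftid (what a GUI that only knows the private address produces) ---
# leftid defaults to the value of "left", so the IKE identity sent to the peer is
# ID_IPV4_ADDR 10.0.1.5. The peer receives packets from 203.0.113.10 that carry an
# identity of 10.0.1.5, and has to be told to expect the private address instead.
conn to-hq-without-leftid
    left=10.0.1.5
    leftsubnet=10.0.1.0/24
    right=198.51.100.20
    rightsubnet=192.168.50.0/24
    authby=secret
    keyexchange=ikev2
    auto=start

# --- With leftid set to the public address ---
# The identity now matches the source address the peer actually sees, so the
# remote side can keep its default of identifying this end by its public IP and
# never needs to know the private addressing.
conn to-hq
    left=10.0.1.5
    leftid=203.0.113.10
    leftsubnet=10.0.1.0/24
    right=198.51.100.20
    rightsubnet=192.168.50.0/24
    authby=secret
    keyexchange=ikev2
    auto=start
```

On the remote side this corresponds to configuring the UTM as a peer at 203.0.113.10 with the peer ID left at its default (the same public address). Two practical notes: the pre-shared-key selector in ipsec.secrets must match the identity in use (here 203.0.113.10, not 10.0.1.5), and with IKEv1 main mode the responder picks the PSK by the source address it sees before the ID payload arrives, which is one more reason the advertised identity should be the public address.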