This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automatic Site-to-Site VPN

Hi All,
Have a problem I’m trying to solve, and I’m not sure how to go about it.  I'm also not positive this is the right place, but it is VPN related.  We're using Sophos UTM's, on firmware 9.204-19.  Our setup is a little complex, so let me lay it all out before I ask the question.

First off, we have a private fiber network connecting our 5 branches.  Looks something like this:
Branch1------Branch2-------hub------hub------branch3------branch4------branch5

They aren’t really linear, but I think you get the idea- 2 branches are connected to one point, 3 branches are connected to another point, and the two connection points are connected by a line.  These are not connected to the outside world.  I’ll call this our private network.

So, now, branch 1 and branch 3 each have a connection to the internet.  The other 3 branches all get their internet from one of those two, over the private network.  If one branch has a failed internet connection, everyone fails over to the other via the private network.

Here’s where the problem lies- when the link gets broken between the two connection points (the hubs), the 2 sets of branches can’t talk to each other (and yes, that does happen occasionally).  What we want to accomplish is this- when that link fails, Sophos goes out and connects a VPN between branch 1 and 3 to restore communication between the branches.  Both branches look like this:

Internet -> modem -> Sophos -> Private network router -> internal network (servers, workstations, etc)

The 3 branches without internet are just Private network router -> internal network.

Here’s where I’m having trouble.  If I try to monitor the ‘uplink’ by telling it to look for branch 3’s private network router, it constantly says it’s down, because it’s trying to go out the external interface to find it.  It can’t, because it’s inside the Sophos.  How can I accomplish monitoring of this to bring up a VPN upon a failed connection?

Thanks in advance for any ideas/help!

Edit - forgot to add Sophos UTM info.

This thread was automatically locked due to age.

0 BAlfson over 10 years ago

Hi, rhouseman, and welcome to the User BB!

I guess that you have an incorrect route somewhere. It sounds like you might want what I described in this thread: PTP Wireless network and WAN Connection Failover. Is that what you're looking for?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 rhouseman over 10 years ago

Thanks!
Checked out the linked post- I will put those ideas to the test sometime this week and report back here on the results.
Cancel
Vote Up 0 Vote Down

Cancel