Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 1 subscriber
  • Views 9292 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is an IPSec Host to Host VPN Possible with Virtual IP Gateway Address

notify.sina
Hi 

I have a Sophos UTM 9 which I need to setup a Site to site VPN with another site and they want to use private addressing to establish the tunnel.
I've run out of interfaces on the UTM, and I created an additional address  on the eth1 using the gateway address they want to use (10.250.50.A).

Is it possible to setup Site to site using an additional address on eth1? After setting up the tunnel the SA and the VPN ID both show the primary Public address of eth1 (4.2.2.50) and not the additional address I had setup for this (10.250.50.A).

SA: 192.168.2.X/32=4.2.2.50 10.250.50.B=172.1.1.37/32
VPN ID: 4.2.2.50


Thanks for any advice!


This thread was automatically locked due to age.
Parents
  • 0
    Ok guys , did the necessary changes , changed 'Vendor Gateway' to 'Vendor Network' .
    Though I had to add a NAT masquerading rule as :

    10.28.4.200/29 --> External (WAN).

    Only then it did allow my machines to go out on the internet.
    Any clarifications on the above ?

    Regards,

    Jeet J

    Network Administrator

    Sophos UTM SG 450,Sophos UTM SG 125 x 6, Sophos SEC,Sophos AP

Reply
  • 0
    Ok guys , did the necessary changes , changed 'Vendor Gateway' to 'Vendor Network' .
    Though I had to add a NAT masquerading rule as :

    10.28.4.200/29 --> External (WAN).

    Only then it did allow my machines to go out on the internet.
    Any clarifications on the above ?

    Regards,

    Jeet J

    Network Administrator

    Sophos UTM SG 450,Sophos UTM SG 125 x 6, Sophos SEC,Sophos AP

Children
  • 0 in reply to JeetJ
    Ok guys , did the necessary changes , changed 'Vendor Gateway' to 'Vendor Network' .
    Though I had to add a NAT masquerading rule as :

    10.28.4.200/29 --> External (WAN).

    Only then it did allow my machines to go out on the internet.
    Any clarifications on the above ?


    I think you may have SNATTED all traffic for those systems to 10.28.4.200/29 and not just the traffic that is destined to go into the tunnel.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Unfiltered HTML