Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 4122 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Single Host to use Internet of Hub via VPN

x1xxomx1xx
Hi all
I would like to setup the following

Site A CH Sophos UTM  192.168.30.0/24-> Site B USA Zywall USG 100  192.168.20.0/24

Client X from Site A uses Internet of Site B, all other clients of Site A use Internet of Site A 

I used to do this on a Zywall and did a Policy Route with a dedicated IPSEC Tunnel and selecting it for the route to 0.0.0.0 (ok, not that nice, but it worked). 

I setup the VPN according to the screenshots.


This thread was automatically locked due to age.
Parents
  • 0
    If deselecting 'Strict Routing' in the Sarasota_VPN_Client and then disabling/enabling that IPsec Connection doesn't do it, I don't think there's an easy way to solve this routing problem.  If you can get Sophos Support to take a look around, there might be a configuration error elsewhere that I'm not imagining or a bug I don't know about. The IPsec configurations are correct and this should work.

    If there's no resolution, I would instead disable/delete the Sarasota_VPN_Client and do this with a Gateway route and a corresponding SNAT:

    'Roku3 -> Any -> Internet' to "Sarasota_FW"


    and simply let them route the traffic.  In fact, there's no additional security gained by encrypting this traffic in a VPN between the two locations.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    If deselecting 'Strict Routing' in the Sarasota_VPN_Client and then disabling/enabling that IPsec Connection doesn't do it, I don't think there's an easy way to solve this routing problem.  If you can get Sophos Support to take a look around, there might be a configuration error elsewhere that I'm not imagining or a bug I don't know about. The IPsec configurations are correct and this should work.

    If there's no resolution, I would instead disable/delete the Sarasota_VPN_Client and do this with a Gateway route and a corresponding SNAT:

    'Roku3 -> Any -> Internet' to "Sarasota_FW"


    and simply let them route the traffic.  In fact, there's no additional security gained by encrypting this traffic in a VPN between the two locations.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    you are right, the problem was on the other end of the tunnel on the Zywall. When i used Zywall to Zywall VPN before using Sophos to Zywall, i had to create a policy route for the LAN Subnets - otherwise i had no connectivity. I removed them and now everything works like a charm. 

    I could remove encryption as it is only Internet traffic, true.
Unfiltered HTML