Hi all. We have a new vendor who hosts their servers at Rackspace, and we need to set up a site-to-site VPN. I could use a pointer or two. Here is an analogous config with distinctive IPs removed.
Corporate network: various 172.16.0.0/12 subnets and various 10.0.0.0/8 subnets.
Firewall "Internal" interface is 172.17.1.1/24, and the router facing the home network is 172.17.1.2/24.
There are some static routes ("gateway" routes) on the Sophos FW of
172.16.0.0/12 => 172.17.1.2
10.0.0.0/8 => 172.17.1.2
So all class A and B RFC1918 traffic is sent to corporate network router.
CORP NETS --- CORP ROUTER --- SOPHOS FW --- INTERNET
The vendor wants to use IP space of 10.1.1.1/32 for their server.
So I put a static route on the local router of
10.1.1.1/32 => 172.17.1.1
And I built the site-to-site VPN, but I realized that the firewall has a static route of 10.0.0.0/8 pointing back to the home router, so the home router and the FW are pointing back to each other for traffic destined to 10.1.1.1/32. A classic routing loop.
So, on the Firewall, I built an "Interface route", and for network 10.1.1.1/32, I pointed that traffic to the "Internal" interface of the firewall.
This works, but the vendor is complaining of traffic being dropped sporadically. Did I build this right? If not, how should I have done it?
TIA,
Brian
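To make the loop in the post concrete, here is an added longest-prefix-match routing simulation (not from the original post or from Sophos) of the corp router and firewall tables described above. The device and next-hop names ("corp-router", "sophos-fw", "vpn-tunnel") are assumed labels, and the fix is modelled only as a /32 on the FW that no longer points at the corp router; Sophos's own route-versus-VPN-policy precedence is not modelled.

```python
"""Longest-prefix-match simulation of the routing loop described in the
post. Added example with constructed tables; names are assumptions."""
import ipaddress


def lookup(table, dst):
    """Return the next hop for dst from table (list of (prefix, next_hop))
    using longest-prefix match; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def trace(tables, start, dst, max_hops=8):
    """Follow next hops from start until a hop that is not a routing device
    (a delivery point) is reached; report a loop if a device repeats."""
    path, node = [start], start
    while node in tables and len(path) <= max_hops:
        next_hop = lookup(tables[node], dst)
        if next_hop is None:
            return path, "no route"
        if next_hop in path:
            return path + [next_hop], "loop"
        path.append(next_hop)
        node = next_hop
    return path, "delivered"


# Constructed tables mirroring the post: the corp router sends RFC1918
# space inward, defaults to the FW, and has the /32 pointing at the FW.
ROUTER = [("10.0.0.0/8", "corp-nets"), ("172.16.0.0/12", "corp-nets"),
          ("0.0.0.0/0", "sophos-fw"), ("10.1.1.1/32", "sophos-fw")]
# FW before the fix: the /8 gateway route hands 10.1.1.1 back to the router.
FW_BEFORE = [("10.0.0.0/8", "corp-router"), ("172.16.0.0/12", "corp-router"),
             ("0.0.0.0/0", "internet")]
# FW after the fix: a more specific /32 that no longer points at the router
# ("vpn-tunnel" is an assumed label for the interface/VPN path).
FW_AFTER = FW_BEFORE + [("10.1.1.1/32", "vpn-tunnel")]

if __name__ == "__main__":
    for label, fw in (("before", FW_BEFORE), ("after", FW_AFTER)):
        print(label, trace({"corp-router": ROUTER, "sophos-fw": fw},
                           "corp-router", "10.1.1.1"))
```

Running it prints the "before" path bouncing between the router and the FW (a loop) and the "after" path leaving the FW via the /32, which is exactly why the more specific route stopped the ping-pong.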