Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2585 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-Site IPsec outgoing traffic from WAN site2

alebeta
Hello friends!

I have the next setup for the IPsec tunnel

Site(A):
IP:192.168.108.16
Subnet: 192.168.108.0/24
Device: CentOS linux IPsec server

Site(B)
IP:192.168.88.2
Subnet: 192.168.88.0/24
Device: Sophos UTM 220

Boths network can be reachable from boths subnets and work correctly.

My question is, how i can say to the subnet from Site(B) to connect to the internet (WAN) using the internet connection of the Site(A). Because we want to make all the internet traffic go through the SiteA Wan connection.

Both device are in different geographical location, connected by public IPs.

Thanks for your time, and if you need more information to help me to solve the situation, i can give more information.

All the best.


This thread was automatically locked due to age.
Parents
  • 0
    Hi, alebeta, and welcome to the User BB!

    In order to make a "full" tunnel, simply add "Internet" to 'Local Networks' in Site(A) and to 'Remote Networks' in Site(B).  In Site(A), you also will need the appropriate masq and firewall rules as well as adding the Site(B) subnet to 'Allowed networks' in Web Filtering, DNS, etc.

    Ben, I know that you can do this with a RED tunnel, and there can be times when it's preferable.  I normally only use UTM-to-UTM RED tunnels for situations where I need to have (or am stuck with) the same subnet on both sides.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hi, alebeta, and welcome to the User BB!

    In order to make a "full" tunnel, simply add "Internet" to 'Local Networks' in Site(A) and to 'Remote Networks' in Site(B).  In Site(A), you also will need the appropriate masq and firewall rules as well as adding the Site(B) subnet to 'Allowed networks' in Web Filtering, DNS, etc.

    Ben, I know that you can do this with a RED tunnel, and there can be times when it's preferable.  I normally only use UTM-to-UTM RED tunnels for situations where I need to have (or am stuck with) the same subnet on both sides.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML