S2S VPN Automatic Routes

I read somewhere that when a VPN tunnel is created, webadmin automatically creates the routes.  Unfortunately when I do this, the routes it creates are incorrect.  I know it's not random, but it seems to pick different gateways for different destinations through the VPN tunnel, using rules that I do not know.  Is there any way to override these?  I have tried using strict routing and this doesn't seem to help.


This thread was automatically locked due to age.
  • WebAdmin does this perfectly, so there must be something that works differently from what you expect.

    IPsec or SSL VPN?  Please click on [Go Advanced] below and attach pictures of the configuration open in Edit.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • "the routes it creates are incorrect"
    "it seems to pick different gateways for different destinations through the VPN tunnel, using rules that I do not know"
    If you need specific answers, you'll need to be specific with details.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • I've uploaded screenshots as you have requested.  Hope these help.

    As you can see, it is an IPsec tunnel.  With one local network configured on the tunnel, the route table shows the proper default gateway for that local network to reach the remote networks (3 remote networks in total).

    When I add a second local network to the tunnel, it changes the default gateway for both local networks when accessing the remote networks.

    If I were to add a third local network to the tunnel, the default gateway for all three local networks to reach the remote networks would change again.

    -------------------------------

    Interesting [in-ter-uh-sting, -truh-sting, -tuh-res-ting]

    A word typically used by IT technicians to describe an issue they didn't expect, or never encountered, and don't know how to fix.

  • None of those routes look right to me.  Please attach a picture of the "bhcl-utm" Remote Gateway open in edit and confirm that none of the 'Remote networks' nor the 'Gateway' violates #3 in Rulz.

    Cheers - Bob
     
  • I agree with Bob.  Please check the points he made.
  • Bob/Scott thanks for your input.  I verified that none of the definitions break rule 3 or rule 3.1.  I think it's time to open a support case with Sophos.  Thank you both for your time.  I truly appreciate it.


  • Sounds like a plan.  Please post back the results.