Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 6867 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Creating a second IPSEC VPN using a separate internal interface possible?

RussJohnson

I'm looking to replace an older Cisco ASA and replace it with a IPSEC tunnel on the UTM. Unfortunately, the Cisco has static routes set up all over the place pointing to its IP address. Without messing with all those routes, can I create a new internal interface with the same IP address as the Cisco and then create a IPSEC VPN using just that interface?



This thread was automatically locked due to age.
  • 0
    Hi, Russ, and welcome to the UTM Community!

    That depends on how the tunnel is configured on the other end. What device is the other endpoint and can you show us pictures of its config?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    We'll be building a new IPSEC tunnel on the UTM for this. The tunnel on the Cisco ASA will be removed. I'm not sure what relevance the remote side has in this case. Basically I need our UTM to have a second IP address that will act as a different gateway than our default for the remote network. All our servers, DHCP, etc already have a route to the remote network using the ASA currently which is why we'd rather not undo all that and just re-use the existing internal IP for it.
  • 0 in reply to RussJohnson
    The UTM uses StrongSWAN but the capability of communicating a LeftID to a remote device hasn't hasn't been implemented. There are workarounds, but they're dependent on the particular situation. Without more information, the best answer is, "the first things you try probably won't work because IPsec doesn't like NAT."

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML