Route all external traffic via site 2 site ipsec

Hi,

I tried to google and to search the forum, but haven't really found a solution...

I have a UTM 9.3 (192.168.2.1) in the US with a stable site 2 site ipsec tunnel to a remote fritz box (192.168.1.101) in Germany. I can reach all devices in the remote network very well.

What I would like to achieve is:

Route traffic to certain external hosts / networks or even all external traffic through the VPN tunnel ("Full Tunnel").

I followed the how-to https://www.sophos.com/en-us/support/knowledgebase/115661.aspx, but with no success.

I also tried a policy route: Gateway Route, Source Interface: internal, Source Network: internal network, Service: any, Destination Network: External Network, Gateway: fritz box (192.168.1.101).

In my findings the configuration on the fritz box side should not cause the issues so far, since traffic is not even directed to the tunnel so far. (Or are some crucial routes negotiated in the background already, when the tunnel is established?)

Any tips / recommendations would be appreciated. :)



  • I have to admit though - the connection to both the fritzbox NW and the external NW via the fritzbox is not very stable.

    Probably more fine tuning is required.

    I do not have the energy to investigate further since the performance is not great. The Uplink would allow 10 MB/s but I only get 5 or less.

  • If it is a 7490 fritzbox you would get around 10 Mbit/s, with something older you will get less and lots of "fun" because if the fritzbox is being used locally you will have a lot of VoIP interference.

    ---

    Sophos UTM 9.3 Certified Engineer

  • If the Fritzbox is slow, disable compression and use AES 128 PFS.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA