Hello, i am trying to migrate a IPVPN connection from TMG across to my Sophos UTM. The TMG set up is: Our ISP managed Core Router in our building has a VPN port which is connected to the "VPN" configured LAN adapter on our TMG server The VPN adapter is set up to use one of our external IP addresses Our remote sites connect back to this Core router via ISP managed Cisco router at each site I have tried setting up a new interface on the UTM device with the same settings as the old VPN interface, then powering off the old TMG firewall, enabling the new interface on the UTM but I wasn't seeing any traffic across the interface and I could not ping my remote sites? Does anyone have any pointers? Thanks, Mark.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to Migrate an IPVPN from TMG?

sys8dmin over 9 years ago

Hello,

i am trying to migrate a IPVPN connection from TMG across to my Sophos UTM.

The TMG set up is:

Our ISP managed Core Router in our building has a VPN port which is connected to the "VPN" configured LAN adapter on our TMG server
The VPN adapter is set up to use one of our external IP addresses
Our remote sites connect back to this Core router via ISP managed Cisco router at each site

I have tried setting up a new interface on the UTM device with the same settings as the old VPN interface, then powering off the old TMG firewall, enabling the new interface on the UTM but I wasn't seeing any traffic across the interface and I could not ping my remote sites?

Does anyone have any pointers?

Thanks,

Mark.

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

I'm not sure what I'm looking at in the Firewall log, but I guess that you have a different problem. Unless you set the Virtual MAC on the interface used for the VPN to be the same MAC as the one on the TMG, you will need to clear the ARP table in any router/switch that was formerly connected directly to the TMG. The easiest way to clear the ARP tables is to reboot the router/switch. Any luck with that?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 jimmygrec over 9 years ago in reply to BAlfson

Second this. Most of the time I have gotten away with out doing this but every once in a while the ISP equipment just does not want to give-up the old MAC.
Cancel
Vote Up 0 Vote Down

Cancel
0 sys8dmin over 9 years ago in reply to jimmygrec

Thanks guys, I will try a reboot of the Cisco switch while the interface is running through the UTM and report back.

Thanks,
Mark.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sys8dmin over 9 years ago in reply to jimmygrec

Thanks guys, I will try a reboot of the Cisco switch while the interface is running through the UTM and report back.

Thanks,
Mark.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 sys8dmin over 9 years ago in reply to sys8dmin

Hi,

The issue turned out to be 2 missing Masquerading Rules on the UTM under Network Protection\ NAT\ Masquerading.

With the help of a Sophos support Rep we were able to add these two rules and get traffic flowing over the VPN Interface.

before this I had contacted my ISP and confirmed that there were no ARP or router issues stopping the connection.

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel