How to Migrate an IPVPN from TMG?

Hello,

I am trying to migrate an IPVPN connection from TMG across to my Sophos UTM.

The TMG set up is:

  • Our ISP managed Core Router in our building has a VPN port which is connected to the "VPN" configured LAN adapter on our TMG server
  • The VPN adapter is set up to use one of our external IP addresses
  • Our remote sites connect back to this Core router via ISP managed Cisco router at each site

I have tried setting up a new interface on the UTM device with the same settings as the old VPN interface, then powering off the old TMG firewall and enabling the new interface on the UTM, but I wasn't seeing any traffic across the interface and I could not ping my remote sites.

Does anyone have any pointers?

Thanks,

Mark.



This thread was automatically locked due to age.
  • I'm not sure what I'm looking at in the Firewall log, but I guess that you have a different problem.  Unless you set the Virtual MAC on the interface used for the VPN to be the same MAC as the one on the TMG, you will need to clear the ARP table in any router/switch that was formerly connected directly to the TMG. The easiest way to clear the ARP tables is to reboot the router/switch.  Any luck with that?


    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Second this.  Most of the time I have gotten away without doing this, but every once in a while the ISP equipment just does not want to give up the old MAC.

  • Thanks guys, I will try a reboot of the Cisco switch while the interface is running through the UTM and report back.

    Thanks,
    Mark.

  • Hi,

    The issue turned out to be 2 missing Masquerading Rules on the UTM under Network Protection\ NAT\ Masquerading.

    With the help of a Sophos support Rep we were able to add these two rules and get traffic flowing over the VPN Interface.

    Before this I had contacted my ISP and confirmed that there were no ARP or router issues stopping the connection.

    Thanks.
