Route a Single Device through a VPN Tunnel but All Others through WAN

I have many devices on the local LAN that route through the UTM. Currently all of them route to the Internet through the WAN interface. 

I have one device where I would like to route it through a VPN tunnel through a separate VPN server, but without changing the routing for all the other devices. The one "tunneled" device has a fixed IPv4 address, and does not appear to use IPv6. I would like it so that the UTM automatically establishes the tunnel to the VPN server, then routes the one device only through that tunnel. The VPN on the other side is a linux server, and I have to configure that linux server as a VPN myself.

I would like to know:

* Which VPN type should I use between the UTM and the VPN server? IPSec? SSL? I assume it is a Site-to-Site VPN, right?

* How do I configure the UTM so that it automatically establishes the VPN tunnel and automatically restores it if the tunnel goes down?

* How do I configure the UTM so that it routes only that one device through the VPN tunnel, but leaves the other devices to route through the normal WAN interface?

* Can you suggest any hints about how to install and configure the VPN software on the Linux server at the other end of the tunnel?

Any other suggestions and recommendations would be welcome, of course.

What I would really like to see is a step-by-step overview of what I need to do. I can probably flesh out the details, but a "big picture" procedure or list would be helpful.

  • Hi,

    Simply configure SSL or L2TP VPN to connect to VPN Server. This does not require any configuration on UTM as the VPN server will be the remote device.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • @sachingurung suggested: "Simply configure SSL or L2TP VPN to connect to VPN Server. This does not require any configuration on UTM as the VPN server will be the remote device."

    Thank you for the suggestion.

    Unfortunately it won't work. The device is not a general purpose computer. I cannot install VPN client software on it. I need the Sophos UTM to establish the VPN tunnel on the device's behalf, and then have the UTM route the device's communications through the VPN tunnel, while still routing all the other systems/devices through the UTM's own gateway (WAN), bypassing the VPN tunnel.

  • Assuming that you're not talking about traffic that would be captured by the Web Proxy in Transparent mode...

    It seems like you could configure a site-to-site IPsec VPN with only the Host definition for your device in 'Local Networks' and with "Internet" and maybe the remote LAN in 'Remote Networks'.  Try that, and, if it doesn't work, post back here again with pictures of your configurations on the UTM and the remote VPN.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
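As an added example (not from this thread, from Sophos, or from strongSwan's documentation), here is what the Linux end of the site-to-site IPsec tunnel Bob describes could look like in strongSwan's swanctl.conf: the UTM carries the single host as its Local Network and "Internet" as its Remote Network, so the Linux peer's traffic selectors are the mirror image, with the device's /32 as the remote selector and 0.0.0.0/0 as the local one. Assumed and constructed: the addresses 203.0.113.10 (UTM WAN), 198.51.100.5 (Linux server) and 10.0.0.25 (the device), IKEv2 with a pre-shared key, and strongSwan 5.x managed through swanctl.

```conf
# /etc/swanctl/swanctl.conf on the Linux VPN server (assumed strongSwan 5.x, swanctl)
# All addresses below are constructed placeholders:
#   198.51.100.5  = this Linux server's public address
#   203.0.113.10  = the UTM's WAN address
#   10.0.0.25     = the single LAN device behind the UTM that should use the tunnel
connections {
    utm-single-device {
        version = 2                              # IKEv2
        local_addrs  = 198.51.100.5
        remote_addrs = 203.0.113.10
        proposals = aes256-sha256-modp2048       # IKE proposal; must match the UTM IPsec policy
        dpd_delay = 30s                          # dead peer detection so a lost peer is noticed
        local {
            auth = psk
            id = 198.51.100.5
        }
        remote {
            auth = psk
            id = 203.0.113.10
        }
        children {
            device-to-internet {
                # Mirror of the UTM side: UTM Local Networks = the /32 host,
                # UTM Remote Networks = "Internet" (0.0.0.0/0), so the selectors swap here.
                local_ts  = 0.0.0.0/0
                remote_ts = 10.0.0.25/32
                esp_proposals = aes256-sha256-modp2048   # ESP with PFS; match the UTM policy
                start_action = trap              # install the policy at load; the UTM initiates
                dpd_action = restart             # rebuild the child SA after a DPD timeout
            }
        }
    }
}
secrets {
    ike-utm {
        id-1 = 203.0.113.10
        secret = "REPLACE-WITH-A-LONG-RANDOM-PSK"   # placeholder, not a real key
    }
}
```

The server must also forward and NAT the device's traffic (net.ipv4.ip_forward=1 plus a masquerade rule for 10.0.0.25/32 on its Internet-facing interface), and the same PSK, proposals and selectors must be entered in the UTM's IPsec connection and policy or the SAs will not match. Only packets sourced from 10.0.0.25 fall under the 0.0.0.0/0 selector, so the UTM's own IKE/ESP exchange with the peer and every other LAN host keep using the normal WAN path.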