IPsec VPN tunnel between two branch sites (one of which has a RED)?

So, I have been given the task to transfer data between two of our branch sites.

Currently, our company network uses a star-like network arrangement with our branch sites connected to HQ through VPN tunnels - network traffic can flow between a given branch site and HQ, but not between two branch sites.

Since our HQ only has a 5 MBit SDSL line for the VPNs which already has to accommodate DFS replication and e-mail, I would like to avoid copying the data through our HQ and establish a direct connection between the two branch sites.

Of these sites, one has a UTM of their own, the other has a RED10. Ideally, I could connect the RED10 to the UTM in the other branch office without affecting the link between the RED and our HQ. Is that possible?

If not, I imagine, naively, I could establish an IPsec VPN between the UTM at the branch office and the UTM at our HQ via the RED10 at the branch office. Does this make sense? Would this cause traffic between the two branch offices to flow directly between those offices, or would it clog our SDSL line at the HQ?

Or is my whole line of thinking misled? Is there a better way to achieve what I want?

Thank you very much in advance,

Benjamin



  • I'm afraid you're a little out of luck with the branch-office using the RED.

    The RED can only connect to 1 UTM at any given time and the RED is also not capable of creating a VPN tunnel to another location (other than to its configured UTM). I believe you might need a third UTM for this branch office.

    I don't really get your plan of using an IPsec VPN since it will still travel through the HQ as it already does now I suppose.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Agreed with apijnappels, Benjamin.  The "standard" way of connecting two RED sites is with each RED defined as "Standard/Split" with 'Split Networks' containing the HQ LAN(s) and the LAN behind the other RED.

    If you do want to have the two branches communicate directly, you should ask your reseller for advice on which unit and subscription would make sense to replace the RED 10.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA