Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 6942 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec VPN with two Internet Links

clemylton

Hey guys,

I have a site-to-site IPSec VPN running very well, and i've just assigned another Internet connection;

Interface A: 150MB dinamic IP

Interface B: 10MB static IP

My VPN is running trough Interface A, but im tired of interruptions every time my IP changes, so we now have this second connection. I need to change de VPN settings to this static IP interface. Im trying to change settings pointing to the Inteeface B, but can't get it running. Even manually, i'd like to be able to switch the interface used for VPN.

Any help?

Tks a lot!



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    If you are migrating the interface in IPSec policy on Site A then did you do the necessary change on Site B appliance?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi,

    Yes, i did. I just noticed that, if i set que Interface B as default gateway, it works!

    Than, i change the configuration to set the interface A as default gateway again, and the VPN keeps working. It looks like the interface needs to be the default gateway at least once for the VPN to connect.

    Im still confused... =)

  • 0 in reply to clemylton

    If you disable the IPsec Connection and then enable it again, your tunnel won't come up.  Does that help explain things?

    If you have two WAN connections, you should be using Uplink Balancing with Multipath rules.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi BAlfson,

    Thank you very much!!! I enabled the uplink balance feature, and set both internet interfaces as active, and now the IPSEC VPN is running.

    I realised that when i set the interface which i have static IP as default gateway, the VPN runs pretty well. But this link is only 10MB. I have a second internet link wich is 150MB. I need to run the IPSEC VPN on the 10MB link, and user the 150MB internet link for everything else.

    With this configuration i realised that connection speed is really slow. i Think i need to set some configuration to trow the trafic to the 150MB link, right?

    Can you help me with that?

    Regards.

  • 0 in reply to clemylton

    Try creating a multipath rule (1 st rule) that sends VPN traffic to the 10MB line, then create a second rule sending all traffic to the 150MB line.

    VPN-traffic will engage the first rule and thus send to 10MB line, every other traffic will engage second rule.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Reply
  • 0 in reply to clemylton

    Try creating a multipath rule (1 st rule) that sends VPN traffic to the 10MB line, then create a second rule sending all traffic to the 150MB line.

    VPN-traffic will engage the first rule and thus send to 10MB line, every other traffic will engage second rule.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Children
Unfiltered HTML