Sophos UTM 9 IPsec VPN with VLAN interfaces.

Hi!

 

I have a problem where an ISP and the Sophos can only communicate using one dedicated interface (eth2) to their equipment.

Now the ISP is carrying traffic for two customer networks and I am expected to setup VPNs to both customers using the same interface.

I can see that the Sophos UTM 9 does not allow use of virtual/secondary interfaces to setup IPSec site-to-site tunnels.

But if I convert the secondary interfaces to Ethernet VLAN interfaces mapped to eth2 on the UTM, will setting up IPSec VPNs using these interfaces be allowed? 



  • The answer is "yes".

    But does the other end of the connection (the customer at the other end) need to be aware of the VLAN tagging?

    The connection is from UTM9 <--> ISP switch <--> ISP Fibre channel <--> ISP point to multi-point hub <--> ISP customer's switch <--> Customer router.

  • Sina, IPsec is very flexible.  You can configure many different tunnels on a single interface.  No, VLANs are not the right technology to do what you want.  Show a diagram with sample subnets at each site which should be connected.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob!

     

    I am so very sorry I did not respond to this post for so long.

    But I found a workaround.

    I later found out from the ISP the kind of network routing they had (without telling us first) plugged us into, and I have all the customers and ourselves in the same /24 subnet. So each customer is now set up with their individual IPSec VPNs with our IP, kind of a hub and spoke arrangement with us as the hub.
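Bob's point that many tunnels can share one interface, and the hub-and-spoke arrangement Sina ended up with, as an added example (not code from this thread or from Sophos): each tunnel is told apart by its peer address and traffic selectors, so the script checks for duplicate peers and overlapping customer subnets before rendering a strongSwan-style swanctl.conf for all customers on one local address. All addresses, names and the swanctl.conf layout are constructed assumptions, and authentication settings are left out.

```python
import ipaddress

HUB_IP = "192.0.2.10"    # constructed: our address on the shared ISP interface
HUB_LAN = "10.0.0.0/24"  # constructed: our LAN behind the hub

# Constructed sample: (name, customer gateway on the same ISP /24, customer LAN).
CUSTOMERS = [
    ("cust-a", "192.0.2.20", "10.10.0.0/24"),
    ("cust-b", "192.0.2.30", "10.20.0.0/24"),
]

# Assumed swanctl.conf layout; authentication settings left out for brevity.
CONN_TEMPLATE = """\
    {name} {{
        local_addrs = {hub_ip}
        remote_addrs = {peer_ip}
        children {{
            net {{
                local_ts = {hub_lan}
                remote_ts = {remote_subnet}
            }}
        }}
    }}
"""

def validate(tunnels, hub_ip=HUB_IP, hub_lan=HUB_LAN):
    """Return problems that would make tunnels sharing one interface ambiguous."""
    problems, seen_peers, nets = [], {}, []
    hub_net = ipaddress.ip_network(hub_lan)
    for name, peer_ip, remote_subnet in tunnels:
        # The peer address selects the tunnel during IKE, so it must be unique.
        if peer_ip == hub_ip or peer_ip in seen_peers:
            problems.append(f"{name}: peer {peer_ip} is not unique")
        seen_peers[peer_ip] = name
        net = ipaddress.ip_network(remote_subnet)
        # Return traffic is routed by destination, so selectors must not overlap.
        if net.overlaps(hub_net):
            problems.append(f"{name}: {net} overlaps hub LAN {hub_net}")
        for other_name, other in nets:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other} of {other_name}")
        nets.append((name, net))
    return problems

def render_swanctl(tunnels, hub_ip=HUB_IP, hub_lan=HUB_LAN):
    """Render one connection per customer, all bound to the same local address."""
    body = "".join(CONN_TEMPLATE.format(name=n, peer_ip=p, remote_subnet=s, hub_ip=hub_ip,
                                        hub_lan=hub_lan) for n, p, s in tunnels)
    return "connections {\n" + body + "}\n"
```

Run `validate(CUSTOMERS)` first; only an empty result means the rendered connections can coexist on the single interface without the hub seeing two tunnels claim the same traffic.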