Hi all,
I hope someone can point me in the right direction.
I've set up a simple site-to-site VPN connection between Sophos UTM 9 and a Juniper SSG device. So far, no problem.
The Sophos UTM is behind a router doing NAT. Here are some example network definitions.
Sophos UTM:
IP on "external" interface: 192.168.30.2/24 (def. gw: 192.168.30.1)
IP on "internal" interface: 192.168.1.1/24
Remote device networks:
10.1.1.1/30 (transfer network, see below)
And these networks:
10.0.0.1/24
10.0.2.1/24
10.0.3.1/24
...
10.0.7.1/24
So all could be written as 10.0.0.0/21.
I can access all services so far, for example hosts in 10.0.2.x and 10.0.0.x. So far, no problem. The problem is that one subnet (10.0.1.0/24, which is within the /21 range) is only accessible via another router. So the remote Juniper device uses a "transfer" network to reach 10.0.1.0/24 (the transfer network is 10.1.1.0/30; 10.1.1.1 is the Juniper, 10.1.1.2 is the other router we need to go through to get to 10.0.1.0/24).
So normally, I would create a route on the UTM like
ip route add 10.0.1.0/24 via 10.0.0.1
so that packets coming from 192.168.1.x go like this:
For example 192.168.1.45 -> 192.168.1.1 (int) -> 192.168.30.2 (ext) -> VPN tunnel to 10.0.0.1, which should then pass via local 10.1.1.1 to 10.1.1.2 and further to 10.0.1.0/24.
When I manually create this route, it is not passed through the VPN tunnel. The result is that I get a "destination unreachable", with the answer coming from the "external" IP of the UTM (192.168.30.2).
So what do I need to do to get packets with destination 10.0.1.0/24 to route via 10.0.0.1 (which is accessible via IPsec tunnel)?
I hope everybody understood what I want ;-)
Thank you very much.
Robert
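Editor's note, as an added worked example (not part of Robert's post and not Sophos or Juniper code): the behaviour described above is what a policy-based IPsec tunnel does by design. The kernel routing table only picks the next hop; whether a packet is encrypted is decided by the IPsec policy (SPD) selectors, which match on the packet's own source and destination, not on the gateway a static route points at. So a route "via 10.0.0.1" resolves recursively to the default gateway and the packet leaves the external interface in the clear unless a selector covers 10.0.1.0/24. The model below uses the addresses from the post; the three candidate selector sets (separate /24s without 10.0.1.0/24, the aggregate 10.0.0.0/21, and the separate /24s with 10.0.1.0/24 added) are assumptions about how the UTM connection might be defined, since the post does not show the actual IPsec configuration.

```python
import ipaddress
from typing import List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


def net(cidr: str) -> IPv4Net:
    # strict=False accepts host-style entries such as "10.0.2.1/24" as written in the post.
    return ipaddress.ip_network(cidr, strict=False)


# --- constructed topology, taken from the addresses in the post (assumption: /24 masks) ---
LOCAL_LAN = net("192.168.1.0/24")
CONNECTED = [net("192.168.30.0/24"), LOCAL_LAN]  # UTM external and internal interfaces
DEFAULT_GW = "192.168.30.1"

# Kernel routing table: (network, gateway). Longest prefix wins, gateway resolved recursively.
ROUTES: List[Tuple[IPv4Net, str]] = [
    (net("0.0.0.0/0"), DEFAULT_GW),
    (net("10.0.1.0/24"), "10.0.0.1"),  # the manual route from the post
]

# IPsec SPD as (local, remote) traffic selectors. Three hypothetical ways to define the tunnel.
SPD_PER_SUBNET = [(LOCAL_LAN, net(f"10.0.{i}.0/24")) for i in (0, 2, 3, 4, 5, 6, 7)]
SPD_AGGREGATE = [(LOCAL_LAN, net("10.0.0.0/21"))]
SPD_PER_SUBNET_FIXED = SPD_PER_SUBNET + [(LOCAL_LAN, net("10.0.1.0/24"))]


def lookup(dst: ipaddress.IPv4Address, routes: List[Tuple[IPv4Net, str]]) -> Optional[str]:
    """Longest-prefix match; returns the gateway string or None."""
    best: Optional[Tuple[IPv4Net, str]] = None
    for network, gw in routes:
        if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw)
    return best[1] if best else None


def resolve_next_hop(dst: ipaddress.IPv4Address, routes, connected, max_depth: int = 4) -> Optional[str]:
    """Resolve the gateway recursively until it lies on a directly connected network.

    A route 'via 10.0.0.1' is only usable if 10.0.0.1 itself is reachable; here it is
    not on-link, so the lookup falls through to the default gateway 192.168.30.1.
    """
    hop = lookup(dst, routes)
    for _ in range(max_depth):
        if hop is None:
            return None
        hop_addr = ipaddress.ip_address(hop)
        if any(hop_addr in c for c in connected):
            return hop
        hop = lookup(hop_addr, routes)
    return None


def spd_match(src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address, spd) -> Optional[Tuple[IPv4Net, IPv4Net]]:
    """First selector whose local side covers src and whose remote side covers dst."""
    for local, remote in spd:
        if src in local and dst in remote:
            return (local, remote)
    return None


def classify(src: str, dst: str, spd, routes=ROUTES, connected=CONNECTED) -> Tuple[str, Optional[str]]:
    """Return ('ipsec', 'local -> remote') if the SPD protects the flow,
    else ('clear', next_hop): the packet leaves unencrypted towards next_hop
    regardless of any static route that mentions the remote side."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    selector = spd_match(s, d, spd)
    if selector is not None:
        return ("ipsec", f"{selector[0]} -> {selector[1]}")
    return ("clear", resolve_next_hop(d, routes, connected))


if __name__ == "__main__":
    for name, spd in (("per-subnet", SPD_PER_SUBNET), ("aggregate /21", SPD_AGGREGATE),
                      ("per-subnet + 10.0.1.0/24", SPD_PER_SUBNET_FIXED)):
        print(f"{name:28} 192.168.1.45 -> 10.0.1.10 : {classify('192.168.1.45', '10.0.1.10', spd)}")
```

Practical reading of the output: with the per-subnet selectors the flow to 10.0.1.10 is classified "clear" with next hop 192.168.30.1, which matches the "destination unreachable" from 192.168.30.2 in the post; with the /21 selector or an added 10.0.1.0/24 selector it is classified "ipsec". In this model the fix is therefore on the IPsec connection's remote-network definition rather than in the routing table, and the same selector (proxy ID) has to exist on the Juniper side, which then forwards to 10.1.1.2 with an ordinary route. Whether that is the actual cause on Robert's UTM cannot be confirmed from the post alone.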