This article explains how to allow remote access users to reach another site via a Site-to-Site Tunnel.
In the following example, in order to keep things clear, the Site-to-Site VPN uses IPsec and the Remote Access method is SSL VPN. Since it's more secure to have Remote Access users work with a "full" tunnel, the "Internet" object is included in the appropriate place. The items in italic and bold are the changes needed to allow remote users to go through the tunnel from Site1 to Site2.
Applies to the following Sophos product(s) and version(s): Sophos UTM Software Appliance, Sophos UTM
Note: The Sophos UTM configurations for the L2TP and PPTP Remote Access methods don't change when remote users are allowed to use a Site-to-Site tunnel. It's only necessary to make the additions to the Site-to-Site configurations and ensure that any VPN Pools are different.
Site1
Interface "Internal" has a subnet of 172.20.11.0/24
'Network definition' "VPN Pool (SSL)" = 10.242.2.0/24
'Network definition' "LAN at Site2" = 172.20.12.0/24
Check 'Automatic packet filter rules'
'Local networks' = "Internal (Network)" and "LAN at Site2" and "Internet"
'Remote Gateway' 'Remote Networks' = "LAN at Site2"
'IPsec Connection' 'Local Networks' = "Internal (Network)" and "VPN Pool (SSL)"

Site2
Interface "Internal" has a subnet of 172.20.12.0/24
'Network definition' "VPN Pool (SSL) at Site1" = 10.242.2.0/24
'Network definition' "LAN at Site1" = 172.20.11.0/24
Not activated with the same IP pool as "VPN Pool (SSL) at Site1"
'Remote Gateway' 'Remote Networks' = "LAN at Site1" and "VPN Pool (SSL) at Site1"
'IPsec Connection' 'Local Networks' = "Internal (Network)"
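The settings above only work if the two gateways describe the tunnel as mirror images of each other and the VPN pool collides with nothing. The following check is an added example, not part of the original article or of Sophos UTM; it uses the article's subnets, while the dictionary layout and function names are assumptions made for the illustration.

```python
import ipaddress

def nets(*cidrs):
    """Parse CIDR strings into a set of network objects."""
    return {ipaddress.ip_network(c) for c in cidrs}

def check_sites(s1, s2):
    """Return a list of findings; an empty list means both sides agree."""
    out = []
    # IPsec selectors must mirror: each side's local set is the peer's remote set.
    for a, b, an, bn in ((s1, s2, "Site1", "Site2"), (s2, s1, "Site2", "Site1")):
        for n in sorted(a["ipsec_local"] - b["ipsec_remote"]):
            out.append(f"{n}: local at {an} but not in {bn} remote networks")
        for n in sorted(b["ipsec_remote"] - a["ipsec_local"]):
            out.append(f"{n}: remote at {bn} but not local at {an}")
    pool = s1["ssl_pool"]
    # Remote users enter the tunnel with a pool address, so the pool must be
    # one of Site1's IPsec local networks.
    if pool not in s1["ipsec_local"]:
        out.append(f"{pool}: SSL pool not in Site1 IPsec local networks")
    # The SSL VPN profile must route the far LAN to the client.
    for n in sorted(s1["ipsec_remote"]):
        if not any(n.subnet_of(l) for l in s1["ssl_local"]):
            out.append(f"{n}: not covered by SSL VPN local networks")
    # VPN pools must differ from each other and from both LANs.
    for name, other in (("Site1 LAN", s1["lan"]), ("Site2 LAN", s2["lan"]),
                        ("Site2 SSL pool", s2["ssl_pool"])):
        if other is not None and pool.overlaps(other):
            out.append(f"{pool}: overlaps {name} {other}")
    return out

# Values from the article; the "Internet" object is left out because only the
# tunnel networks are being compared. The dict layout is this example's own.
LAN1, LAN2, POOL = (ipaddress.ip_network(c) for c in
                    ("172.20.11.0/24", "172.20.12.0/24", "10.242.2.0/24"))
SITE1 = {"lan": LAN1, "ssl_pool": POOL, "ssl_local": {LAN1, LAN2},
         "ipsec_local": {LAN1, POOL}, "ipsec_remote": {LAN2}}
SITE2 = {"lan": LAN2, "ssl_pool": None,  # SSL VPN not active with this pool
         "ipsec_local": {LAN2}, "ipsec_remote": {LAN1, POOL}}

if __name__ == "__main__":
    print(check_sites(SITE1, SITE2) or "selectors and pools are consistent")
```

Removing "VPN Pool (SSL) at Site1" from Site2's remote networks, or giving Site2 an overlapping SSL pool, makes the function return a finding instead of an empty list.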
This article was submitted by Robert H. Alfson (Bob), MediaSoft Inc.