If you configure an IPsec site-to-site tunnel on a WAN alias address on your SFOS device, traffic may be redirected out of another interface, and the tunnel may have trouble forming or you may see routing problems.
This article describes how to enable routing over an alias IP address so that routing works correctly.
Applies to the following Sophos products and versions:
Sophos Firewall XG Software v16.05.6 MR6
Sophos Firewall XG Software v17.0.0
Sophos Firewall XG Software v17.1.0 GA
Sophos Firewall XG Software v17.5.0 GA
To enable routing over an alias IP address when the source is the alias address, run the following command in the CLI console, as this setting is disabled by default:
set routing source-base-route-for-alias enable