This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Build network with modem dual WAN Cisco and Sophos UTM (HA)

Hi all,

 

I want to build a network system with Modem dual WAN Cisco RV320 and 2 Sophos SG115.

ISP1          ISP2

  |__        __|

       |      |       -----> Need Use DSL(PPOE) to configure

      RV320  

        |     |  

-----      --------

  |                 |    ------> Need Use DSL(PPOE) to configure

SG115  ---HA--- SG115

 

Step 1. I will configure DSL(PPPOE) for 2 WAN ports of Cisco RV320.

Step 2.  At output of RV320, I want to configure to select the information of 1 in 2 DSL input. 

Because at Sophos SG115:

- I need configure DSL(PPPOE) interface at input

- All firewall rule was configured on SG115

- SG115 created VPN SSL to connect with other SG115 server, clients use SG115 to connect directly to server.

 

So my questions:

1. How can I configure DSL output for RV320 to it become a input of SG115?

2. If RV320 can not configure as question 1, do you know any modem dual WAN suitable?

3. If the output of modem Cisco is only LAN, can you guide me how to configure VPN SSL to connect SG115 local to SG115 server through VPN passthrough of Cisco modem?

Please help me about my problem. Thank you very much!



This thread was automatically locked due to age.
  • Chào Huynh,

    1. & 2. Why not just make normal Ethernet connections?

    3. This should just be a regular IPsec site-to-site configuration as long as both SG 115s have an un-NATed public IP on their External interfaces.

    With two active WAN connectos, you might be interested in Auto-Failover IPsec VPN Connections or Sophos UTM multiple S2S IPsec VPN mit Failover – Tutorial (DE) (All pictures are with WebAdmin in English).  The first is easier to realize and the second offers almost instant failover.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    Thanks for your concerning 

     

    1 & 2. I want to DSL connection because SG115 will have all main configure on it such as VPN, NAT, firewall rule..., not sure with Ethernet can do that

    Furthermore, in my scenario SG115 only one WAN input, you can see picture below. So I need look for device can failover 2 WAN Inbound put in front of 2 SG115

     

    3. I can change VPN to IPsec if have no way, but seem your refer links are not my situation

    Hope you are understanding now

     

    Thanks,

    Vuhuynh 

  • 1&2. Yes Ethernet can do that, Vuhuynh.

    Since you control the 320, I would recommend putting both WAN connections on separate Ethernet VLANs so that you only need a single Ethernet connection to your SG 115s.  If you insist upon having two WAN connections come as DSL to the UTM, you will need two separate Ethernet ports on each SG.  If you do that, and you have VLAN-capable switches, you could put both LANs as VLANs on a single Ethernet port.

    The VPN WAN failover I suggested would work with either the VLAN approach or the two-DSL approach above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA