
IPsec route over gateway route

Hi all, 

I want to know how the Sophos UTM prioritises network routes.

Take the snapshot below as an example. This routing table is taken from the Sophos UTM at Support > Advanced > Routing Table.

default via <ISP gateway> dev eth1  table 200  proto kernel onlink 
local default dev lo  table 252  scope host 
default via <ISP gateway> dev eth1  table default  proto kernel  metric 20 onlink 
10.10.0.0/16 dev eth1  proto ipsec  scope link  src 10.20.0.2 
10.10.0.0/16 via 10.20.0.1 dev eth0  proto static  metric 5 

The reason there are 2 routes for 10.10.0.0/16 is that I have a site-to-site VPN configured from the subnet local to UTMA, 10.20.0.0/16, to the remote subnet behind UTMB, 10.10.0.0/16. This site-to-site VPN is a backup connection.

I configured the static route (gateway route type) because I want the UTM to route traffic such as email notifications and Syslog via this static route to our email relay server and Syslog server while the main connection is up, and if the main connection goes down, it can still send the traffic via the site-to-site VPN. *Please note that the main connection is not connected via the UTM.

It seems that the route created by the site-to-site VPN is taking priority over the static route.

Is there a way for the static route to override the IPsec route? Am I making a mistake in the configuration to achieve what I want to do?

Any help would be much appreciated. 

Thanks,

MT



  • Hi  

    By default, the route priority is as follows: IPsec, Static and Policy Routes. As you can see from the route table, the static route shows a metric of 5 and the IPsec route does not show a metric because it has a default metric of 0. To give priority to the static route, you must set a metric of 0 on the static route under the Advanced tab.

    Also, to eliminate this problem of overlapping subnets, please refer to: Sophos UTM: How to tunnel between two UTMs which use the same LAN network range

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
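Added example, not from this thread or from Sophos: a small Python script that parses the routing-table lines quoted in the question and applies the selection rule Karlos describes, longest prefix first and then lowest metric, with an absent metric read as 0. It is a simplification: it treats all lines as one table, ignores policy rules, and on an equal-metric tie keeps the route listed first.

```python
import ipaddress

# Routing-table lines copied from the question above (placeholders kept verbatim).
ROUTING_TABLE = """\
default via <ISP gateway> dev eth1  table 200  proto kernel onlink
local default dev lo  table 252  scope host
default via <ISP gateway> dev eth1  table default  proto kernel  metric 20 onlink
10.10.0.0/16 dev eth1  proto ipsec  scope link  src 10.20.0.2
10.10.0.0/16 via 10.20.0.1 dev eth0  proto static  metric 5
"""


def parse_routes(text):
    """Parse iproute2-style lines into dicts; a route with no 'metric' keyword gets 0."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "local":          # 'local default dev lo ...' -> treat as 'default'
            tokens = tokens[1:]
        dest = tokens[0]
        prefix = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        route = {"prefix": prefix, "metric": 0, "proto": None, "dev": None, "via": None}
        # Walk key/value pairs; tokens that are not known keys are simply skipped.
        for key, val in zip(tokens[1:], tokens[2:]):
            if key == "metric":
                route["metric"] = int(val)
            elif key in ("proto", "dev", "via"):
                route[key] = val
        routes.append(route)
    return routes


def best_route(routes, destination):
    """Longest prefix wins; among equal prefixes the lowest metric wins (tie: first listed)."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r["prefix"]]
    return min(candidates, key=lambda r: (-r["prefix"].prefixlen, r["metric"]))


def with_static_metric(routes, metric):
    """Copy of the table with the static route's metric changed (what MT tried in the thread)."""
    return [dict(r, metric=metric) if r["proto"] == "static" else dict(r) for r in routes]


if __name__ == "__main__":
    table = parse_routes(ROUTING_TABLE)
    for m in (5, 0):
        chosen = best_route(with_static_metric(table, m), "10.10.1.1")
        print(f"static metric {m}: 10.10.1.1 goes via proto={chosen['proto']} dev={chosen['dev']}")
```

Lowering the static metric to 0 only produces a tie with the IPsec route, which is why it cannot win on metric alone; the thread's next replies cover binding the IPsec connection to an interface instead.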
  • Karlos,

    Thanks for the reply. 

    I found out that the IPsec route has a metric value of 0 after reading the online help. So I changed the metric value of the static route to 0 as that's the lowest value I can set. 

    I checked the routing table after the change, and the static route had been removed from the routing table. Only the IPsec route was left. So with that change, the IPsec route is still taking priority.

     

    Thanks,

    MT

  • To be able to use Static Routing, you will need to bind the IPsec Connection to an Interface - see the help.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA