Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 1343 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dual ISP dedicated site 2 site vpn on one

Jeffry Rollins

Hi,

 

I have a client with an SG 310 UTM running 9.510-5.  We have recently installed a Century Link fibre connection in addition to the Comcast Cable (500/35 Static IP) connection already in place.  We would like to use the Century Link connection (100/100 Static IP) for our site to site vpn with a satellite office.  We are currently using the Comcast connection for this but the max 35 mbps uplink is causing havoc with some of our internal enterprise systems.

I have tried simply replicating the same configuration that is currently working and substituting the Fibre connection for the cable connection, but it doesn't connect.  When I try to add the gateway address to the fibre connection it automatically enables uplink balancing.  This still doesn't work, even if I wanted to use the balancing function (which I don't at this time).

What am I missing?



This thread was automatically locked due to age.
  • 0

    Which side initiates the VPN connection, i.e. is the UTM set to Initiate or Respond Only?  

    What does it say in the Ipsec log when you attempt to connect using the Century Link connection?  

    Tim

  • 0

    Hey Jeffry - welcome to the UTM Community!

    You do want to enable Uplink Balancing.  You don't need it for the VPN, but you will want it otherwise.  Start with Auto-Failover IPsec VPN Connections.

    If you're still having trouble, Show us Pictures of the Edits of all IPsec Connections involved connecting these two sites as well as the Default Gateways used by them.  Also, show us some log lines as follows:

    1. Confirm that Debug is not enabled.
    2. Disable the IPsec Connection.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Enable the IPsec Connection.
    5. Show us about 60 lines from enabling through the error.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML