
UTM to UTM Red tunnel

I have managed to get the tunnel up and connected. Easy.

 

My problem is getting network connectivity over the tunnel.

My end goal is to have the VLAN in site B pass all of its traffic over the tunnel to the VLAN in site A, essentially bypassing the local internet at site B's location.

 

Site A (Server side)

I have created an interface for the RED tunnel, 192.168.100.1/24.

I have set up a static gateway route with the network as the VLAN in site B, and the gateway as the RED interface on site B's UTM, 192.168.100.2.

I have added a firewall rule to allow 'any' service between the VLANs.

 

Site B (Client side)

I have created an interface for the RED tunnel, 192.168.100.2/24.

I have set up a static gateway route with the network as the VLAN in site A, and the gateway as the RED interface on site B's UTM, 192.168.100.1.

I have added a firewall rule to allow 'any' service between the VLANs.

 

From Site A, I cannot ping 192.168.100.2 or any IP in site B's VLAN.

 

Am I missing something here? This is what I used as a guide: community.sophos.com/.../120157

  • Assuming you've configured things correctly according to the KB you linked, it should work. I've set this up before and had no issues. What does the ICMP tab show under Network Protection > Firewall > ICMP? Does the machine you're trying to ping allow ICMP from outside networks (assuming you don't have a NAT/MASQ on the receiving firewall to NAT the packet so it appears to be coming from the local network)?

    Are you familiar with SSH? I find that sniffing packets with tcpdump is the best way to determine where the communication breakdown is occurring.

    Tim
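
The tcpdump approach above, as an added shell helper that is not from the thread or from Sophos. It is meant to be run from an SSH shell on the UTM and does two things: classifies the static route for the far site's VLAN from `ip route show` output (the traffic only enters the tunnel when the next hop is the peer's address inside the transit /24; a missing route silently follows the default route to the local ISP, which matches the symptom in the question), and wraps the live tcpdump and ping commands. Assumptions: transit interfaces reds1 (server) and redc1 (client), transit subnet 192.168.100.0/24 as in the post, and made-up site VLANs 10.0.10.0/24 (site A) and 10.0.20.0/24 (site B); the route tables at the bottom are constructed sample output, not captures from a real box.

```shell
#!/bin/sh
# Added example (not from the thread or from Sophos): trace where a
# UTM-to-UTM RED link breaks. Assumed names: reds1/redc1 transit
# interfaces, 192.168.100.0/24 transit subnet (from the post), and
# made-up site VLANs 10.0.10.0/24 (site A) and 10.0.20.0/24 (site B).

# route_to NET TABLE: print the next hop the kernel uses for NET, given
# TABLE as the text of `ip route show`; "direct" for an on-link route,
# "none" when only the default route would match (i.e. the ISP path).
route_to() {
    net="$1"; table="$2"
    printf '%s\n' "$table" | awk -v n="$net" '
        $1 == n { if ($2 == "via") print $3; else print "direct"; found = 1; exit }
        END     { if (!found) print "none" }'
}

# same_24 A B: succeed when two IPv4 addresses share their first three
# octets, i.e. lie in the same /24 (enough for a /24 transit link).
same_24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# check_route LOCAL_RED_IP REMOTE_NET TABLE: classify the static route
# for the far site's VLAN. "ok" only when the next hop sits in the same
# /24 as the local RED address; "missing" means the traffic follows the
# default route to the local ISP instead of entering the tunnel.
check_route() {
    local_red="$1"; remote_net="$2"; table="$3"
    gw="$(route_to "$remote_net" "$table")"
    case "$gw" in
        none)   echo "missing" ;;
        direct) echo "direct" ;;
        *)      if same_24 "$gw" "$local_red"; then echo "ok"; else echo "wrong-gateway:$gw"; fi ;;
    esac
}

# Live-box helpers (not executed below; they need root on the UTM).
# Watch the RED interface while the other site pings: requests with no
# reply point at the far side (firewall rule, ICMP settings, return
# route); no packets at all mean the sending side routes around the tunnel.
capture_icmp() {
    tcpdump -ni "$1" -c 20 icmp
}
# Ping the peer sourced from the RED interface address (arg 1) instead of
# whatever interface the default route would pick.
ping_peer() {
    ping -c 3 -I "$1" "$2"
}

# Constructed `ip route show` output for the site A (server) UTM, with
# the static route from the post in place.
SITE_A_ROUTES='default via 203.0.113.1 dev eth1
10.0.10.0/24 dev eth0.10 proto kernel scope link src 10.0.10.1
10.0.20.0/24 via 192.168.100.2 dev reds1
192.168.100.0/24 dev reds1 proto kernel scope link src 192.168.100.1'

# Constructed table for a client UTM where the static route to site A's
# VLAN was never installed, so that traffic leaves via the local ISP.
SITE_B_MISSING_ROUTES='default via 198.51.100.1 dev eth1
10.0.20.0/24 dev eth0.20 proto kernel scope link src 10.0.20.1
192.168.100.0/24 dev redc1 proto kernel scope link src 192.168.100.2'

# Constructed table where the route exists but points at the ISP gateway.
SITE_B_WRONG_ROUTES='default via 198.51.100.1 dev eth1
10.0.20.0/24 dev eth0.20 proto kernel scope link src 10.0.20.1
10.0.10.0/24 via 198.51.100.1 dev eth1
192.168.100.0/24 dev redc1 proto kernel scope link src 192.168.100.2'

echo "site A -> site B VLAN: $(check_route 192.168.100.1 10.0.20.0/24 "$SITE_A_ROUTES")"
echo "site B (missing)     : $(check_route 192.168.100.2 10.0.10.0/24 "$SITE_B_MISSING_ROUTES")"
echo "site B (wrong)       : $(check_route 192.168.100.2 10.0.10.0/24 "$SITE_B_WRONG_ROUTES")"
```

On a live UTM, pass `"$(ip route show)"` as the TABLE argument and run `capture_icmp reds1` on the server while the client runs `ping_peer 192.168.100.2 192.168.100.1`. Check both directions: the far side needs a route back into the tunnel too, or replies go out the far side's ISP. While capturing, tailing the packet filter log (assumed path /var/log/packetfilter.log on UTM) shows whether a firewall rule, rather than routing, is dropping the request.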

  • Thanks Tim, I'm actually trying to ping the RED interface IP on the firewall of Site A from Site B. Even that doesn't work.

    ICMP settings are unchanged: Gateway is ping visible and Ping from gateway are both checked.

  • If I understand what you want to do, that KB article isn't the approach you want to take...

    You can use a RED tunnel to create a bridge between Interfaces on two different UTMs. Say you want to have the subnet 192.168.200.0/24 in sites A & B. Define an Ethernet bridge in the server site using reds1 and eth0 (for example), creating an interface 192.168.200.1/24. In the client site, use redc1 and eth0 to create an interface 192.168.200.2/24. In the server site, create a DHCP server with a dynamic range of 192.168.200.100-199 (for example) and do not create a DHCP server on the other UTM. Whether the DHCP server assigns .1 or .2 as default gateway depends on your specific needs.

    If that doesn't describe what you wanted to do, please show pictures of the Edits of the relevant firewall rules, Interface definitions, Static routes and RED server definition. Also, confirm that none of the related Network/Host definitions violates #4 in Rulz.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    My end goal is to have 2 subnets/VLANs on either site, but for the VLAN in Site B's next hop to be the VLAN's gateway in site A, thus eluding the local ISP restrictions in site B.

    I have deleted everything and recreated

    Firewall Rules

     

    Interface


    RED Server connection

    Now at this stage I would assume I'd be able to ping the RED interfaces from each other's location, but ping fails.

  • The Interface images and the ping attempt image are all too small to be legible. Please replace them in your post. Also, check the firewall log in both UTMs to confirm that there's no evidence of a block occurring. If, instead of pinging, you try to RDP to a computer in the other location, are you able to connect?

    Cheers - Bob