
Default IPsec Site-2-Site tunnel routing

Hello,

Is it me, or has something changed in the default IPsec site-to-site tunnel routing behaviour?

Let's take an example:

Network1 (local): 192.168.1.0/24, gateway 192.168.1.254

Network2 (remote): 172.16.1.0/24, GW 172.16.1.254

Network3 (another remote network): 10.10.1.0/24

So, when I connect two networks, Network1 and Network2, with a site-to-site tunnel, I can do everything as usual and connect to resources on both sides.

And when Network3 comes to play, of course, I can connect to it from Network2, but if I want to connect from Network1:

I have to add that network to the local networks on Network2 and to the remote networks on Network1, AND previously I also had to create a policy route, which routed connections to Network3 over the Network2 gateway.

However, currently, this seems to have changed.

If I disable the policy routing, I can still see packets going over Network2. Only after removing Network3 from the IPsec site-to-site rules does the traffic stop going over Network2 and actually go over the Network1 gateway.

What has changed?
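To make the observed behaviour concrete, here is a constructed Python model (added here, not Sophos UTM code) of how a gateway on Network1 decides where a packet for Network3 goes when the IPsec traffic selectors are consulted before any policy route or routing-table lookup. The host addresses, the "net2-gateway" and "uplink" labels, and the ordering of the checks are assumptions of the model.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the topology in the post; not UTM code.
NET1 = ip_network("192.168.1.0/24")  # local site (Network1)
NET2 = ip_network("172.16.1.0/24")   # remote site (Network2), the hub
NET3 = ip_network("10.10.1.0/24")    # second remote site (Network3), behind Network2

def tunnel(local, remote, peer):
    """A site-to-site definition as seen from Network1: local/remote networks, peer label."""
    return {"local": local, "remote": remote, "peer": peer}

def ipsec_match(tunnels, src, dst):
    """Return the peer whose traffic selectors cover (src, dst), else None.
    This is the SPD check; it never consults the routing table."""
    for t in tunnels:
        if any(src in n for n in t["local"]) and any(dst in n for n in t["remote"]):
            return t["peer"]
    return None

def route_lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    hits = [(p, nh) for p, nh in routes if dst in p]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def forward(tunnels, policy_routes, routes, src, dst):
    """How Network1's gateway handles one packet: IPsec selectors first,
    then policy routes, then the ordinary routing table (assumed order)."""
    src, dst = ip_address(src), ip_address(dst)
    peer = ipsec_match(tunnels, src, dst)
    if peer:
        return ("ipsec", peer)
    nh = route_lookup(policy_routes, dst)
    if nh:
        return ("policy-route", nh)
    return ("route", route_lookup(routes, dst))

def scenarios():
    """The three configurations the post compares, for a constructed host
    192.168.1.10 sending to 10.10.1.10 (Network3)."""
    with_net3 = [tunnel([NET1], [NET2, NET3], "net2-gateway")]
    without_net3 = [tunnel([NET1], [NET2], "net2-gateway")]
    policy = [(NET3, "net2-gateway")]
    routes = [(ip_network("0.0.0.0/0"), "uplink")]
    src, dst = "192.168.1.10", "10.10.1.10"
    return {
        "net3 in tunnel, no policy route": forward(with_net3, [], routes, src, dst),
        "net3 not in tunnel, policy route": forward(without_net3, policy, routes, src, dst),
        "net3 not in tunnel, no policy route": forward(without_net3, [], routes, src, dst),
    }
```

The first scenario reproduces the post: with Network3 in the tunnel's remote networks the packet is encapsulated toward Network2 even though no policy route exists, and only removing Network3 from the selectors lets the default route win.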

Did you look at the Hub-and-Spoke link? It refers to site-to-site, and my post links back to a post in the German Forum in a thread entitled "Routing mehrere VPN-Tunnel" where Gert Hansen (one of the original creators of UTM) discusses the routing.

If all three locations use UTM, you shouldn't need any manual routes.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005
MediaSoft, Inc. USA