
Site to Site VPN with DUAL ISP Active/Standby

Hello,

Could you please help us with a problem that is appearing when configuring a Site to Site VPN with dual ISPs between two sites?

In the following, I will describe the design in more detail.

We have two Sophos Firewalls. The first Sophos Firewall is located at the HQ site, while the second Sophos Firewall is located at the branch site.

At the HQ site we have two ISPs. The first ISP is based on Private WAN (Layer 2), while the second ISP is based on Public WAN.

At the branch we also have two ISPs. The first ISP is based on Private WAN (Layer 2), while the second ISP is based on Public WAN.

We want to build a Site to Site VPN with dual ISPs. We have made all the configurations for the Site to Site VPN with two ISPs (Private and Public) between HQ and branch, but we have some problems and this kind of VPN is not working.

We are currently operating VPNs with only one ISP (Private), but the VPN with the other ISP (Public) is not functional.
The problem is that the VPN with the second ISP (Public) is created but does not pass any kind of traffic between the two sites.

Our target is to create a site-to-site VPN with two ISPs as Active/Standby. So initially we create a Site to Site VPN over the Private WAN, and if for some reason this VPN is down, then the VPN and communication should continue over the second ISP.

Tell me first if we can achieve this kind of scenario and, if so, how we can achieve it (any document or guide)?

If you also need the configuration and VPN logs, I will send them.

Best Regards



  • Leo, in addition to the approach I suggested in the thread that Shaun linked, you might also consider Sophos UTM multiple S2S IPsec VPN mit Failover – Tutorial (DE).  The advantage of the approach suggested by Michael Klehr is that both tunnels can pass traffic simultaneously and there is virtually zero wait time when one tunnel fails.  The tutorial is in German, but there are lots of pictures, all in English.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    Thank you for your guide and good help.

    If you have the possibility to help with one more thing:

    I have two sites, HQ and Branch office, with dual ISPs (Private and Public). If I have a VPN which operates over the Public ISP, can you tell me how I can route traffic from the branch office to go to the Internet through the HQ site and not to the Internet from the Branch site?

    Now all traffic from the branch site goes to the Internet through the Public IP address that is located at the Branch site. How can I set a default route on the branch site to go to the Internet through the VPN to the HQ site?

    Best Regards

  • If you want all traffic from the branch to pass via the VPN and go out through HQ, do this by changing the VPN definition.  Just add "Internet" to 'Local Networks' at HQ and to 'Remote Networks' at the branch.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA