
Site to Site on its own Interface

I have a UTM SG330 running as the main firewall for our company at its only site, then at another location for offsite backups I have a UTM 220. I am trying to set up a site-to-site VPN between these two locations. The offsite location is using the firewall for its own network protection and I want the site-to-site VPN to be a separate network where my offsite backup servers will connect, separate from the network that already exists on the UTM 220. How do I apply the site-to-site VPN to its own interface/NIC on the 220 so as not to interfere or combine with the existing network? Thanks for any help here, I haven't stumbled across anything online to help with this and I'm not sure what settings/setup need to be configured for this.



  • Hi, Brian, and welcome to the UTM Community!

    This will be very easy.  Give us an example of what devices behind the 330 should be able to reach which devices behind the 220.  I understand that the backup servers will be in their own DMZ behind the 220 - is the same true of the devices behind the 330?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob for the reply,

      The devices behind the 330 are not in their own DMZ but are just on the LAN. 

  • Your question is too general, Brian.  Please say specifically which IP/subnets should be able to reach which IP/subnets.  You can use coherent example addresses instead of using your real ones.

    Cheers - Bob

     
  • Sorry, I didn't realize what you were asking for. I think I have gotten it working now.

    I created a new interface on port 7 of the Ethernet switch on the UTM220 and assigned it a range outside of the network scope on the SG330. I then created a site-to-site gateway on the SG330 and a connection on the SG330 from that IP range. I then created the gateway on the UTM220 and the connection on the UTM220 to the public IP of the SG330. The key for me to have the site-to-site VPN work only on the interface I set up on port 7 was assigning it under the Local Networks of the connection on the UTM220. I turned both sides on and watched them connect. Thanks for your help.
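
The separation described in the post above can be checked before the tunnel is enabled. The following is an added example, not part of the original thread and not Sophos tooling: it verifies that the Local Networks of a connection do not overlap the peer's networks and do not include a local network that must stay out of the tunnel. All subnets and the function name are constructed assumptions.

```python
import ipaddress

# Constructed example addressing (assumptions, not taken from the thread):
SG330_LAN = "192.168.10.0/24"      # main-site LAN behind the SG330
UTM220_LAN = "192.168.20.0/24"     # existing network behind the UTM220
BACKUP_NET = "172.16.7.0/24"       # new interface on port 7 of the UTM220


def check_tunnel_selectors(local_networks, remote_networks, protected_networks):
    """Return findings for one side of a site-to-site connection.

    local_networks:     subnets listed under the connection's Local Networks
    remote_networks:    subnets the peer publishes into the tunnel
    protected_networks: local subnets that must not be reachable via the tunnel
    """
    local = [ipaddress.ip_network(n) for n in local_networks]
    remote = [ipaddress.ip_network(n) for n in remote_networks]
    protected = [ipaddress.ip_network(n) for n in protected_networks]

    findings = []
    for loc in local:
        # A local range inside the peer's scope makes routing ambiguous.
        for rem in remote:
            if loc.overlaps(rem):
                findings.append(f"local {loc} overlaps remote {rem}")
        # A protected range in Local Networks merges it with the tunnel.
        for prot in protected:
            if loc.overlaps(prot):
                findings.append(f"local {loc} exposes protected {prot}")
    return findings


def isolated_config():
    # Only the backup interface's subnet is published on the UTM220 side.
    return check_tunnel_selectors([BACKUP_NET], [SG330_LAN], [UTM220_LAN])


def merged_config():
    # Misconfiguration: the existing UTM220 network is also published.
    return check_tunnel_selectors([BACKUP_NET, UTM220_LAN], [SG330_LAN], [UTM220_LAN])


if __name__ == "__main__":
    print("isolated:", isolated_config() or "no findings")
    print("merged:  ", merged_config())
```
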
