Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 3835 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traffic from VPN to VPN via Sophos XG

ersatcha

We've got a site to site VPN to a third party from our HQ site. We've also got a site to site VPN from a branch site to HQ. Both branch and HQ have Sophos XG firewalls.

Is this something that should work, or are there limitations with traffic from one VPN passing back out to another VPN, as we have on our HQ Sophos?



This thread was automatically locked due to age.
  • +1

    Hi  

    If you want to communicate between two VPN remote network, you required to have VPN to VPN firewall rule but you also required to add networks of BO and Thrid party network to HO VPN tunnel, same in the BO tunnel to communicate.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • FormerMember
    +1 FormerMember

    Hi Ersatcha,

    It is possible to access Third Party Local network form BO location through existing IPsec Tunnels.

    In this example, I have used three local networks but in your case these networks might be different. 

    1) Local on BO : 192.168.1.0/24

    2) Local on HO : 192.168.2.0/24

    3) Local on Third Party: 192.168.3.0/24

    On BO, update the tunnel to HO, add third party firewall's local network in remote network of the connection.

    Remote Subnet:

    1)Local HO Subnet: 192.168.2.0/24
    2)Third Part Local Subnet: 192.168.3.0/24

    On HO firewall, you have to update both tunnels BO to HO and HO to third party. 

    First update the tunnel between BO to HO and add local networks of third party.

    Local Subnet:

    1)Local HO Subnet: 192.168.2.0/24
    2)Third Part Local Subnet: 192.168.3.0/24

    Second, update the tunnel between HO to third party and add local network of BO.

    Local Subnet :

    1)Local HO Subnet: 192.168.1.0/24
    2)Local BO Subet: 192.168.2.0/24

    Note: Third Party firewall should configured with local network of BO in remote networks.

    You also requires VPN to VPN firewall rule to allow traffic from BO to third party firewall. You only need this rule on HO.

    Make sure that thre is no gateway route or have no NAT configured on IPSec tunnels.

    Thanks,

Unfiltered HTML