RE: Traffic from VPN to VPN via Sophos XG

FormerMember — Mon, 16 Dec 2019 21:35:57 GMT

Hi ersatcha,

Check this KBA : Sophos XG Firewall: How to create a hub and spoke IPsec VPN

Thanks,

RE: Traffic from VPN to VPN via Sophos XG

FormerMember — Mon, 16 Dec 2019 21:18:54 GMT

Hi Ersatcha,

It is possible to access Third Party Local network form BO location through existing IPsec Tunnels.

In this example, I have used three local networks but in your case these networks might be different.

1) Local on BO : 192.168.1.0/24

2) Local on HO : 192.168.2.0/24

3) Local on Third Party: 192.168.3.0/24

On BO, update the tunnel to HO, add third party firewall's local network in remote network of the connection.

Remote Subnet:

1)Local HO Subnet: 192.168.2.0/24
2)Third Part Local Subnet: 192.168.3.0/24

On HO firewall, you have to update both tunnels BO to HO and HO to third party.

First update the tunnel between BO to HO and add local networks of third party.

Local Subnet:

1)Local HO Subnet: 192.168.2.0/24
2)Third Part Local Subnet: 192.168.3.0/24

Second, update the tunnel between HO to third party and add local network of BO.

Local Subnet :

1)Local HO Subnet: 192.168.1.0/24
2)Local BO Subet: 192.168.2.0/24

Note: Third Party firewall should configured with local network of BO in remote networks.

You also requires VPN to VPN firewall rule to allow traffic from BO to third party firewall. You only need this rule on HO.

Make sure that thre is no gateway route or have no NAT configured on IPSec tunnels.

Thanks,

RE: Traffic from VPN to VPN via Sophos XG

Keyur — Mon, 16 Dec 2019 15:29:08 GMT

Hi ersatcha

If you want to communicate between two VPN remote network, you required to have VPN to VPN firewall rule but you also required to add networks of BO and Thrid party network to HO VPN tunnel, same in the BO tunnel to communicate.