Hey guys,
I'm really new to Sophos and firewalling. Actually, I'm having a few problems getting our VoIP solution (cloud provider) to work properly. Hopefully I'm able to explain it clearly.
Situation:
We changed our network: Sophos VPN to connect branch offices and a connection through IPsec to our VoIP provider, instead of MPLS (cost factor).
We have a cloud VoIP provider who is using an Avaya solution. The VoIP servers are located in the cloud and we're connecting (only phones) through an IPsec tunnel to this provider. Now we're having the issue that new phones on our site are not able to get an IP address from the DHCP server (located at the cloud provider). Other traffic is working fine, because 200 phones are already working. (However, they're getting DHCP if "our IP" is not whitelisted, see below.)
If I set a static IP on the phones, the phones work. The phone is also able to get an IP address from a different DHCP server on our side (different VLAN, for clients, just a test).
Now our provider told us that we have to communicate through the IPsec tunnel with a specific (internal) IP address to get an IP address through the tunnel.
Problem(?):
-> DHCP requests need to arrive on the remote side with a specific IP address range (e.g. 192.168.0.0/22)
-> The DHCP requests are actually delivered through the core switch ve interface on the transfer network between the core switches and Sophos (e.g. 10.10.190.251)
The solution should be:
-> Rewrite outbound traffic through the IPsec tunnel to an IP address within the 192.168.0.0/22 network
Should I create a SNAT rule to meet this requirement? How would I need to configure this rule? What is the best practice to get this working?
I hope you're able to help a newbie with this "easy thing" (which it is for you, I think :) )
greetz