This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Route specific websites over IPsec tunnel

Im using XG Xtream SFOS 18.0.4 MR-4.I've successfully configured site-to-site IPsec tunnel. Im able to ping other no issue. Now i want to know how i can route specific websites over the tunnel to other point. Like facebook, Google and Instagram traffic should go via tunnel not main wan. Its pretty simple in Mikrotik but can't find the way to do it in Sophos XG.

This thread was automatically locked due to age.

Parents

0 Vishal_R over 3 years ago

Hi Arslan Khalid : Is it policy based IPSec VPN? If yes have you tried by adding that website IP in the network details to route traffic over IPsec site to site? You may add website IP and at remote end where you are forwarding website traffic configure VPN to WAN rule to allow that traffic and may confirm the status of this. This should work with this configuration.

Regards,

Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Arslan Khalid over 3 years ago in reply to Vishal_R

Hi Vishal : it is policy based IPsec vpn. Where exactly i have to add website IP and in which network details. I already tried creating gateway and then sd wan policy but no luck
Cancel
Vote Up 0 Vote Down

Cancel
0 Vishal_R over 3 years ago in reply to Arslan Khalid

Hi Arslan Khalid : You are on right direction and you may add SD WAN rule where in destination network you may add Website IP. This SD WAN rule will forward traffic over ipxfram ( Interface) to another end firewall. Please ensure that SD WAN policy set on over reply packet at both the end via CLI command.

Reference:

docs.sophos.com/.../rn_SDWANPolicyRouting.html

Regards,

Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Arslan Khalid over 3 years ago in reply to Vishal_R

Hi Vishal_R problem in my setup is im creating this tunnel to Mikrotik. I dont have SDwan option on Mikrotik end. MIkrotik is accepting ping and is allowed to accept anything, no firewall issue on Mikrotik end. Seems like Sophos xg is not routing traffic over IPsec tunnel. HO-Subnet = 192.168.88.0/24 and is local subnet of mikrotik. local subent = 192.168.10.0/24 and is local subnet of Sophos xg. I`ve attached images below for more something im doing is incorrect i guess.

If i do below action then traffic for skype.com reaches mikrotik but it wont be able to route traffic back as its 0.0.0.0/0.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Arslan Khalid over 3 years ago in reply to Vishal_R

Hi Vishal_R problem in my setup is im creating this tunnel to Mikrotik. I dont have SDwan option on Mikrotik end. MIkrotik is accepting ping and is allowed to accept anything, no firewall issue on Mikrotik end. Seems like Sophos xg is not routing traffic over IPsec tunnel. HO-Subnet = 192.168.88.0/24 and is local subnet of mikrotik. local subent = 192.168.10.0/24 and is local subnet of Sophos xg. I`ve attached images below for more something im doing is incorrect i guess.

If i do below action then traffic for skype.com reaches mikrotik but it wont be able to route traffic back as its 0.0.0.0/0.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data