
Route traffic destined for a specific public network out over site to site VPN

I have an IPSec site to site VPN set up. I need to route traffic destined for 208.whatever.external.IP out over a site to site tunnel to a provider network.  In Network > Routing there is no interface listed to send the traffic to and I have nothing to set as the next hop. Any ideas?



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    You can add an IPsec route in CLI for destination 208.whatever.external.IP

    Follow the steps below to add an IPsec route.

    ==> Login to SSH > 4. Device Console

    => For host:

    console> system ipsec_route add host 208.whatever.external.IP tunnelname IPsec_Tunnel

    => For network:

    console> system ipsec_route add net 208.whatever.external.IP/255.255.255.0 tunnelname IPsec_Tunnel

    Where IPsec_Tunnel is your site-to-site VPN tunnel name.

  • OK, got it in there, and it is still trying to send the traffic out to the internet directly instead of over the tunnel...

    system ipsec_route add net 208.whatever.external.IP/255.255.255.224 tunnelname VPN_Tunnel

    console> system ipsec_route show
    tunnelname host/network netmask
    VPN_Tunnel 208.whatever.external.IP 255.255.255.224  

    I am tracerouting to 208.whatever.external.22 which is in that network. 

    Any ideas on what to try to see why this isn't working?
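
One offline check for the situation in the post above, added here as an example and not part of the original thread: parse the `system ipsec_route show` table and confirm that the traced destination really falls inside the network/netmask pair that was entered. The addresses are constructed (203.0.113.0 stands in for the redacted network), the function names are hypothetical, and the script only does address arithmetic; it does not query the firewall.

```python
import ipaddress

# Constructed sample in the column layout shown in the thread
# (tunnelname, host/network, netmask). 203.0.113.0 is a documentation
# address standing in for the redacted 208.x network.
SAMPLE_SHOW = """\
tunnelname host/network netmask
VPN_Tunnel 203.0.113.0 255.255.255.224
"""


def parse_routes(show_output):
    """Return (tunnel, network, aligned) for each row of the table.

    aligned is False when the address entered has host bits set for the
    given mask, i.e. it is not the base address of the network.
    """
    routes = []
    for line in show_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] == "tunnelname":
            continue  # skip blank lines and the header row
        tunnel, addr = fields[0], fields[1]
        # Assumption: a row without a netmask column is a host route.
        mask = fields[2] if len(fields) > 2 else "255.255.255.255"
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        aligned = net.network_address == ipaddress.ip_address(addr)
        routes.append((tunnel, net, aligned))
    return routes


def tunnels_covering(show_output, destination):
    """Names of tunnels whose route contains the destination address."""
    dest = ipaddress.ip_address(destination)
    return [t for t, net, _ in parse_routes(show_output) if dest in net]


if __name__ == "__main__":
    target = "203.0.113.22"  # constructed stand-in for the traced host
    for tunnel, net, aligned in parse_routes(SAMPLE_SHOW):
        note = "" if aligned else " (entered address is not the network base)"
        print(f"{tunnel}: {net} covers {net[0]} to {net[-1]}{note}")
    print(f"{target} matched by: {tunnels_covering(SAMPLE_SHOW, target) or 'no route'}")
```

With a 255.255.255.224 mask each route spans 32 addresses, so a host ending in .22 is covered only when the route's base address ends in .0.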
