
Routing between VPNs

Greetings,

There are two site-to-site VPNs (Branch-Central and Central-Provider). Communication between Branch and Provider is required.

I describe the current configuration:

Sophos Branch

VPN with Central:

Branch subnets - Central and Provider subnets

Policies for this purpose:

Outbound: (LAN) Branch subnets - (VPN) Central and Provider subnets

Inbound: (VPN) Central and Provider subnets - (LAN) Branch subnets

Sophos Central

VPN with Branch:

Central and Provider subnets - Branch subnets

Policies for this purpose:

Outbound: (LAN) Central subnets - (VPN) Branch subnets

Inbound: (VPN) Branch subnets - (LAN) Central subnets

VPN with Provider:

Central and Branch subnets - Provider subnets

Policies for this purpose:

Outbound: (LAN) Central and Branch subnets - (VPN) Provider subnets

Inbound: (VPN) Provider subnets - (LAN) Central and Branch subnets

The following policies were added on the Sophos Central with the intention of allowing communication between Branch and Provider:

Outbound: (LAN and VPN) Branch subnets - (VPN) Provider subnets

Inbound: (VPN) Provider subnets - (LAN and VPN) Branch subnets

However, the desired communication has not been achieved.

Thanks in advance for your help.



This thread was automatically locked due to age.
  • Hello Yael,

    Thank you for contacting the Sophos Community.

    Is the tunnel up? Do you see green for each SA?

    Are the networks overlapping?

    What happens if you do a TCPdump from the GUI of the XG on both of the devices at the moment you do a ping? Where does the ping go? Is it hitting the correct firewall rule?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi, Emmanuel

    Yes, all the tunnels are up.
    Networks do not overlap.
    With TCPdump I can see in the branch Sophos that the traffic goes out through an interface ipsec0 with the indicated rule; however, in the Sophos Central only the following route is shown:
    Source IP: IP address of the computer located in the branch
    In Interface: ipsec0

    Destination IP: IP address of equipment located in Provider
    Out interface: Port3

    NAT ID: No Rule

    From what you can see, the indicated firewall rule is not fulfilled and the desired route is not detected.


