Need Help with Client IPSec VPN (Connect) into Site2Site VPN IPSec Tunnel (Policy Based)

Dear Community,

My name is David Lorenz and I have a problem at one of our customers. First I will describe my network situation. They have an HQ and a BO.

The HQ has the network: 192.168.2.0/24 (Sophos XG210 with 192.168.2.1)

The BO has the network: 172.25.0.0/16 (OPNSense with 172.25.0.1)

There is a Site2Site VPN (Policy Based) between the two. I cannot use Route Based because they do not have a static IP at the BO.

I created a Firewall Rule for the Site2Site VPN with Any <-> Any. Also I created a Rule for the Client VPN Range to the LAN (Any <-> Any) from both networks.

Now to my problem. Our customer wants to route client VPN traffic to the site-to-site VPN BO network IP "172.25.2.1". It doesn't work. I added the branch office network to the Connect client resources. I also created all needed firewall rules. I also tried to add a VPN route "system ipsec_route add host 172.25.2.1 tunnelname Site2Site_Leipzig_Karlsruhe". Nothing works and I don't know how to solve that. I also tried SNAT.

From Client to HQ VPN and S2S (without Client VPN) everything works fine.

I wish they had bought a Sophos firewall for the BO ^^.

Does anyone have an idea? Thanks in advance. In the following lines I will post some screenshots of the HQ setup:

S2S:

S2S FW-Rule:

IPSec Client VPN:

IPSec Client VPN Rule (Client VPN to BO):

Tried NAT:


