Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing all traffic from an external network into the internal network

Hi,

We have an issue that I need to resolve and I am unsure of how to get this to work.

Scenario:

2 schools need to connect their networks via a backbone provided by Virgin. The backbone provided has a Cisco firewall at each end. School 1 has an IP range of 10.137.x.x and School 2 has an IP range of 10.136.x.x. If I connect directly to the Cisco firewall everything works fine.

The issue however is that School 1s internal network range is 192.168.x.x. This means that all traffic that comes from School 2 needs to be routed through to School 1s IP range of 10.137.x.x and then routed again to the actual internal range of 192.168.x.x.

Everything should be able to access everything across the 2 schools.

This I do not know how to do.

Steps I have taken:

I have connected School 1s Sophos xg135 directly to the Cisco firewall. I have configured a WAN network(named interconnect) and assigned it an IP of 10.137.x.x with the gateway of the Cisco router. I have then created an SD-WAN route for all internal traffic that is trying to reach the IP range of 10.136.x.x (school 2) to divert all traffic through WAN network interconnect.

I can ping a device from 192.168.x.x(school 1) to 10.136.x.x(school 2)

I cannot connect from school 1 to school 2 with any other method

I cannot ping from 10.137.x.x (school 1 WAN) to  192.168.x.x (school 1 private)

I can ping and have full access between 10.137.x.x (school 1) and 10.136.x.x (school 2)

Help:

How do I get the schools to connect seamlessly from School 1 to School 2 and visa versa?



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Raphael,

    I have managed to get outbound working now. I've managed to hit school2 via smb and receive a login prompt. The provider has also sent me a pcap showing a successful connection. The issue was NAT.

    School2 does not have any firewall apart from the Cisco firewall which manages the 10.136.x.x range. Is there any way at all of getting them to initiate traffic to our internal 192.168.x.x range without natting every single IP?

    Thanks,

    Warren