Routing all traffic from an external network into the internal network

Hi,

We have an issue that I need to resolve and I am unsure of how to get this to work.

Scenario:

2 schools need to connect their networks via a backbone provided by Virgin. The backbone provided has a Cisco firewall at each end. School 1 has an IP range of 10.137.x.x and School 2 has an IP range of 10.136.x.x. If I connect directly to the Cisco firewall everything works fine.

The issue, however, is that School 1's internal network range is 192.168.x.x. This means that all traffic that comes from School 2 needs to be routed through to School 1's IP range of 10.137.x.x and then routed again to the actual internal range of 192.168.x.x.

Everything should be able to access everything across the 2 schools.

This I do not know how to do.

Steps I have taken:

I have connected School 1's Sophos XG135 directly to the Cisco firewall. I have configured a WAN network (named interconnect) and assigned it an IP of 10.137.x.x with the gateway of the Cisco router. I have then created an SD-WAN route for all internal traffic that is trying to reach the IP range of 10.136.x.x (School 2) to divert all traffic through WAN network interconnect.

I can ping a device from 192.168.x.x (School 1) to 10.136.x.x (School 2).

I cannot connect from School 1 to School 2 with any other method.

I cannot ping from 10.137.x.x (School 1 WAN) to 192.168.x.x (School 1 private).

I can ping and have full access between 10.137.x.x (School 1) and 10.136.x.x (School 2).

Help:

How do I get the schools to connect seamlessly from School 1 to School 2 and vice versa?



  • A simpler overview is we have two networks. These two networks need to communicate with each other with any traffic.

    Traffic flow would be 192.168.X.X(My subnet) -> 10.137.212.2(WAN gateway on XG) -> 10.136.X.X (Their network)

    I have got this working. I have not got the below working.

    10.137.X.X(WAN Subnet) -> 192.168.X.X(My subnet)

    If I get the above working, the full return path below will work.

    10.136.X.X (Their network) -> 10.137.212.2(WAN gateway on XG) -> 192.168.X.X(My subnet)  

  • Hello Warren, 

    Thanks for taking the time to update. To confirm, what doesn't work is when School2 tries to connect to end machines on School1? If yes, could you share a traceroute result from a School2 end machine going to an end machine at School1? Would it be possible for you to provide a network diagram for this? 

    Further, are the Cisco routers/firewalls at both schools doing NAT? Would you also be able to share with us the NAT and route configurations from your Sophos Firewall and Cisco routers?

    Thanks,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support