This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using public IPs in different locations with IPSEC

Good morning.

I don't know if someone can help me as I have been trying various configurations and conducting tests without any success, and I'm not sure if the XG allows what I need.

I have 2 offices:

Office A has a public IP addressing (e.g., 91.90.136.X/24) assigned to some servers with internal IPs 192.168.5.X.

Office B has one internet connection, and its local network is 192.168.6.X.

An IPsec tunnel has been created between both offices, and there is visibility between the internal networks 192.168.5.X and 192.168.6.X.

Now, what they need is to assign a public IP that they have in Office A to a server that is in Office B. Would this be possible?

Best regards.

This thread was automatically locked due to age.

Top Replies

Vivek Jagad 9 months ago +1 suggested

Hello Christian Garcia N , Thank you for reaching out to the community, create a full tunnel and at office A mention the local as "Any" and create a firewall rule VPN to WAN.

0 Vivek Jagad 9 months ago

Hello Christian Garcia N ,

Thank you for reaching out to the community, create a full tunnel and at office A mention the local as "Any" and create a firewall rule VPN to WAN.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel

0 Christian Garcia N 8 months ago in reply to Vivek Jagad

Good afternoon.


I tried to perform several DNAT/SNAT on both XG but I can't figure out what I need to do, I don't know if I don't understand your explanation very well.

Would it be possible to tell me through images what should be done?

I give you a diagram of the network and what I need is that the server that has the IP 192.168.6.10 can both be accessed and that it has access to the Internet through the IP 91.92.136.10 and that it can communicate with the servers 192.168 .5.5 and 192.168.5.6.

Thank you very much for your help!

0 Vivek Jagad 8 months ago in reply to Christian Garcia N

Hey Christian Garcia N , Please refer - Route the branch office internet traffic through the head office ISP gateway.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J 8 months ago in reply to Christian Garcia N

Try route base vpn https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=site-to-site-VPN-route-based-VPN with SD-WAN routes

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Massimiliano Ciucci 8 months ago in reply to Christian Garcia N

Hi Christian Garcia2 I have the same problem at this moment and tried to use

system ipsec_route add host REMOTE_BRANCH_IP_SERVER tunnelname TUNNEL

and

set advanced-firewall sys-traffic-nat add destination REMOTE_BRANCH_IP_SERVER snatip FW_IP

but doesn't work the traffic go in the correct FW rule and NAT rule but remain in SYN_SENT status when forwarded

Thanks in anyone can help us
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J 8 months ago in reply to Massimiliano Ciucci

Try route-based VPN to meet the requirement.

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel