

SNAT over IPSec XGS107-XG135

Hello there,

I have 2 Sophos Firewall connecting to Networks with IPSeC Site-to-Site VPN 1 Public IP for each network.

XGS107 (SFOS 19.5.3 MR-3-Build652)

XG135 (SFOS 18.5.2 MR-2-Build380)

Network A 192.168.1.0/24

IPSeC gateway 172.16.21.1

Network B 10.10.10.0/24

IPSeC gateway 172.16.21.254

The concept is that we have one Server that is accessed only from the Public IP of Network A, and I want to access that Server from Network B. I assumed that SNAT is the solution, but I am not aware of how to set it up in Sophos.

Any suggestions would be appreciated.



  • Hi, thank you for reaching out to the Sophos community team. I would suggest trying the steps below:

    On site location B, under the IPsec site-to-site configuration, add the Server IP in the Remote subnet details, and vice versa on site location A, under the IPsec site-to-site configuration, add the Server IP in the Local subnet details. With this configuration your tunnel will be up with 2 SAs between location B & A, and any traffic from site B's local LAN (defined under the tunnel) for the Server IP will traverse over IPsec towards site A.

    After the above steps, on site location A please create a VPN to WAN rule to forward traffic to the Server (assuming the Server which you want to access is outside on the Internet over the WAN zone). Additionally, if on site location A there is only 1 WAN ISP, no SD-WAN rule is required, but if there is more than 1 WAN ISP, please add an SD-WAN rule with the required source and destination network and select "route through gateway" with the appropriate ISP.

    To allow reply traffic of the server back to the VPN tunnel towards site B, add a VPN to VPN rule on the site A location. Please try this and let us know how it goes!

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

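As an added illustration that is not part of the original post and not Sophos' own tooling, the following Python model walks one packet from a host in Network B to the Server along the steps above: site B only encapsulates it into IPsec when the Server /32 is present in the tunnel selectors, site A's VPN to WAN rule then rewrites the source to site A's public address, and the reply is mapped back using the NAT state. The LAN prefixes are the ones from the question; the Server address (203.0.113.10), both public WAN addresses (198.51.100.1 for site A, 198.51.100.2 for site B) and the use of SNAT on the VPN to WAN rule are assumptions made for this example.

```python
# Added example (not from the thread): a small model of the traffic path the
# answer describes. LAN prefixes come from the thread; the server address and
# both public WAN addresses are placeholders from documentation ranges.
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Optional, Tuple

SITE_A_LAN = ip_network("192.168.1.0/24")
SITE_B_LAN = ip_network("10.10.10.0/24")
SERVER_IP = ip_address("203.0.113.10")          # assumption: the server on the Internet
SITE_A_PUBLIC_IP = ip_address("198.51.100.1")   # assumption: site A WAN IP the server allows
SITE_B_PUBLIC_IP = ip_address("198.51.100.2")   # assumption: site B WAN IP (not allowed)


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


def tunnel_selectors(include_server: bool):
    """Return the (local, remote) selector lists for site B and site A.

    First step of the answer: site B lists the server /32 as a *remote* subnet,
    site A lists it as a *local* subnet, giving a second SA pair next to the
    LAN-to-LAN pair.
    """
    server_net = ip_network(f"{SERVER_IP}/32")
    extra = [server_net] if include_server else []
    site_b = {"local": [SITE_B_LAN], "remote": [SITE_A_LAN] + extra}
    site_a = {"local": [SITE_A_LAN] + extra, "remote": [SITE_B_LAN]}
    return site_b, site_a


def selected_by(tunnel, pkt: Packet) -> bool:
    """True if the packet matches one of the tunnel's local->remote SA pairs."""
    return (any(pkt.src in net for net in tunnel["local"])
            and any(pkt.dst in net for net in tunnel["remote"]))


def site_b_egress(site_b, pkt: Packet) -> Tuple[str, Packet]:
    """Site B: encapsulate into IPsec if a selector matches, else masquerade out its own WAN."""
    if selected_by(site_b, pkt):
        return "ipsec", pkt                              # inner header preserved inside ESP
    return "wan", replace(pkt, src=SITE_B_PUBLIC_IP)     # default LAN->WAN masquerade


def site_a_vpn_to_wan(site_a, pkt: Packet, snat: bool, nat_table: dict) -> Optional[Packet]:
    """Site A: VPN to WAN rule for traffic that arrived over the tunnel.

    With SNAT the source becomes site A's public IP and the original source is
    recorded so the server's reply can be mapped back.
    """
    arrived_over_tunnel = (any(pkt.src in net for net in site_a["remote"])
                           and any(pkt.dst in net for net in site_a["local"]))
    if not arrived_over_tunnel:
        return None                    # would never have been decapsulated here
    if pkt.dst in SITE_A_LAN:
        return pkt                     # VPN -> LAN, not the case modelled here
    if not snat:
        return pkt                     # private source address leaves unchanged
    nat_table[(SITE_A_PUBLIC_IP, pkt.dst)] = pkt.src
    return replace(pkt, src=SITE_A_PUBLIC_IP)


def site_a_reply(pkt: Packet, nat_table: dict) -> Optional[Packet]:
    """Map the server's reply back to the tunnel host using the recorded NAT state."""
    original_src = nat_table.get((pkt.dst, pkt.src))
    if original_src is None:
        return None
    return replace(pkt, dst=original_src)


def server_accepts(pkt: Packet) -> bool:
    """The server only allows site A's public address (as stated in the question)."""
    return pkt.src == SITE_A_PUBLIC_IP


def simulate(include_server: bool, snat: bool) -> dict:
    """Run one packet from 10.10.10.5 to the server and report what happens."""
    site_b, site_a = tunnel_selectors(include_server)
    nat_table: dict = {}
    pkt = Packet(ip_address("10.10.10.5"), SERVER_IP)
    path, out = site_b_egress(site_b, pkt)
    if path == "wan":
        return {"path": path, "server_sees": str(out.src),
                "accepted": server_accepts(out), "reply_to": None}
    fwd = site_a_vpn_to_wan(site_a, out, snat, nat_table)
    accepted = fwd is not None and server_accepts(fwd)
    reply_to = None
    if accepted:
        reply = site_a_reply(Packet(SERVER_IP, fwd.src), nat_table)
        reply_to = str(reply.dst) if reply else None
    return {"path": path, "server_sees": str(fwd.src) if fwd else None,
            "accepted": accepted, "reply_to": reply_to}


if __name__ == "__main__":
    for include_server, snat in [(False, True), (True, False), (True, True)]:
        print(f"server in selectors={include_server!s:5} snat={snat!s:5} -> "
              f"{simulate(include_server, snat)}")
```

Running it shows the three outcomes worth checking before touching the firewalls: without the server /32 in the selectors the packet never enters the tunnel and leaves site B with site B's own public address; with the selectors but no SNAT the server sees a 10.10.10.x source; only with both does the server see site A's public address and the reply find its way back to the host in Network B.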

