
Site-to-Site VPNs and VLANs

Hi,

We've run a flat LAN for years at our main location.

We've recently updated our network and added a few new VLANs to the mix.

Now I have a problem.  We have several Site-to-Site VPNs up and running that work great with our original VLAN1.

However, when I try to add our new VLAN subnets into the VPN configuration, the tunnels go down and will not come back up.

I've added the new VLAN subnets to the Rules and policies already.

Can't figure out what I'm missing.



  • If you have access to both, you have to add the local ID, remote ID and VLAN subnet on the IPsec tunnel, and you also have to add them to the firewall rules to allow communication.

    In your case, first add the local and remote ID, and the new VLAN to the local and remote subnets, on both firewalls to make it work.

    Example:

    At HO

    Local subnet           Remote subnet
    Head office LAN        Branch office LAN
    New VLAN subnet

    At BO

    Local subnet           Remote subnet
    Branch office LAN      Head office LAN
                           New VLAN subnet

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".


  • That's exactly what I'm doing, and the tunnel goes down and will not re-connect.

  • Check the vpn-log on both firewalls. It's likely that some useful information is logged in one or even both firewalls' logs.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I tried it again, and now the VPN comes up fine with the new subnet added.

    Not sure why it would not work before.

  • As per the first screenshot, the new VLAN was not added, maybe without re-establishing the IPsec VPN tunnel.

    "Sophos Partner: Networkkings Pvt Ltd".


  • Nope, I did it exactly as before (just like your example) and it worked this time.
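
The HO/BO layout in the first reply amounts to each firewall's local subnet list matching the other firewall's remote subnet list. The following is an added example, not part of the original thread and not Sophos code, that compares the two lists offline before the tunnel is re-established; the function name and all subnets are constructed for illustration.

```python
from ipaddress import ip_network


def _nets(cidrs):
    # strict=True rejects entries with host bits set, e.g. 192.168.20.1/24
    return {ip_network(c, strict=True) for c in cidrs}


def selector_mismatches(ho, bo):
    """Compare the subnet lists configured on two IPsec peers.

    ho and bo are dicts with "local" and "remote" lists of CIDR strings.
    Returns readable findings; an empty list means each side's local
    list equals the other side's remote list.
    """
    findings = []
    pairs = (
        ("HO local", ho["local"], "BO remote", bo["remote"]),
        ("BO local", bo["local"], "HO remote", ho["remote"]),
    )
    for local_name, local, remote_name, remote in pairs:
        local_nets, remote_nets = _nets(local), _nets(remote)
        for net in sorted(local_nets - remote_nets, key=str):
            # Same range entered with a different prefix length is an easy slip.
            near = sorted(str(r) for r in remote_nets - local_nets
                          if r.version == net.version and r.overlaps(net))
            hint = f" (overlaps {', '.join(near)})" if near else ""
            findings.append(
                f"{net} is in {local_name} but not in {remote_name}{hint}")
        for net in sorted(remote_nets - local_nets, key=str):
            findings.append(f"{net} is in {remote_name} but not in {local_name}")
    return findings


# Constructed sample data: head office LAN plus a new VLAN, one branch LAN.
HO = {"local": ["192.168.1.0/24", "192.168.20.0/24"],
      "remote": ["192.168.50.0/24"]}
BO_OK = {"local": ["192.168.50.0/24"],
         "remote": ["192.168.1.0/24", "192.168.20.0/24"]}
# Branch end not yet updated with the new VLAN.
BO_STALE = {"local": ["192.168.50.0/24"], "remote": ["192.168.1.0/24"]}
# Branch end updated, but with a different prefix length.
BO_TYPO = {"local": ["192.168.50.0/24"],
           "remote": ["192.168.1.0/24", "192.168.20.0/23"]}

if __name__ == "__main__":
    for label, bo in (("ok", BO_OK), ("stale", BO_STALE), ("typo", BO_TYPO)):
        print(label, selector_mismatches(HO, bo) or "lists mirror each other")
```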