Hi all.
Site A:
port1. LAN. 10.10.10.0/24
port2. WAN. 84.153.x.x/32
Site B:
port1. LAN. 10.10.20.0/24
port2. WAN. 63.84.x.x
IPsec between sites. All resources are accessible from one site to another.
I want all traffic from site B to go via the IPsec tunnel and then out via site A. Site A will NAT all the traffic from site B to 63.84.x.x
How can I achieve this?
Many thanks,
Hi Dragos Avram
Refer to the link below for route-based VPN; it might help to achieve your requirement:
Regards
"Sophos Partner: Networkkings Pvt Ltd".
Hi Dragos Avram, thank you for reaching out to the Sophos community team. It looks like you want to route BO [All] Internet traffic to HO via a specific ISP, and for this requirement the KBA configuration below will help:
Sophos Firewall: Route the branch office internet traffic through the head office ISP gateway
support.sophos.com/.../KBA-000003839
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Hi,
Yes, that is my requirement. I need to route all branch office traffic via IPsec to HQ.
I will give this a go mid next week.
Thank you for your reply.
Hi Dragos Avram, thanks for the quick update on it. Please keep us posted on how it goes, thanks.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Hi,
Yes, it's working.
1. Create IPsec tunnels between the firewalls with tunnel interfaces.
2. Add IP addresses on those xfrm interfaces.
3. Configure SD-WAN routes to route all the traffic via xfrm.
Or something like this.
Is it correct that you also want internet traffic from site B through site A?
Well, traffic from the LAN zone is routed over VPN to HQ.
Then the traffic is NATed to a public IP.
Hope this makes sense.