
VPN FQDN/website reroute and remote subnet access

I've created a site-to-site VPN connection from my default local LAN (10.10.0.0/24) to the default offsite LAN (10.0.1.0/24). I used the wizard. I didn't configure a local/remote ID. The connection itself works fine. I made rules which allow all traffic from VPN local-sub to offsite-sub and vice versa.

Now the first problem. I can ping all devices through the VPN connection, but for example I can't access the UniFi web portal at 10.0.1.5:8443, nor other devices. I also activated Sophos web portal access through VPN and I can't reach it (only access checked on offsite).

The other thing I want is to route a FQDN from offsite to the local WAN connection. I made a rule on offsite: source: LAN net: offsite | target: VPN net: *.example.com
On the local side I have: source: VPN net: offsite | target: WAN any
I don't know how to make the correct rule.

General info
The main Sophos is directly connected to the internet. The offsite is behind a NAT (I guess it would only be a problem for the general connection).
I also read the documentation. I'm not sure if site-to-site or XFRM is better for what I want.

I considered using the same subnet for my local UniFi and offsite, but I think the better way is to let both sides keep control on their own.

Any tips and tricks for me?

Added TAGs
[edited by: Raphael Alganes at 1:56 PM (GMT -8) on 10 Jan 2025]