Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 6637 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hub Spoke configuration with supernet

CristianRugo

Hello,

we have 27 distributed sites connected to a central HUB

on remote sites we have a Sophos XG 105 (15.01.0 MR-3) and on central site the main unit is a XG 450 (15.01.0 MR-3)

When creating a VPN IPSEC on remote sites with this example data:

Local Network:

192.168.100.0/24

Remote Networks:

10.14.0.0/22

10.16.0.0/24

10.1.0.0/22

192.168.0.0/16 (supernet address)

during the save it returns the error: IPsec Connection 'SEDE': network conflict

The problem is the local network being a subset of the supernet.

There is a way to solve this problem?

Thanks



This thread was automatically locked due to age.
  • 0
    very good day!
    Friend, my case was identical to his, I believe the fact is bug, but function, follow steps:
    My network 10.220.1.0/24, needed add a 10.0.0.0/8 network, it had a conflict when specifying the object/subnet, creating the object before with the information out of range and then modifying could save the VPN configuration and modify the sequence object, ie:
    steps
    1 - Object creation 19.168.0.0/16 "Policies> Hosts and Services> IP Host";
    2 - Creation of VPN and inserting object wrong;
    3 - After saved tunnel, go objects (Policies> Hosts and Services> Host IP) and modify 19.168.0.0/16 to 192.168.0.0/16;
    4 - Login via ssh, and set the static route as the main:  system route_precedence set static vpn
    5 - Finally, put the tunnel as online.
     
    Hugs,
    NC
Unfiltered HTML