Router DMZ as OpenVpn Client

Hello,

I have a question regarding routing settings. I have created a DMZ on my Sophos UTM and connected another router to the DMZ. The router in the DMZ makes an OpenVPN client connection, so the internal LAN clients can go over this connection when I enable the multipath rule Internal Network - Any - Internet IPv4 - DMZ Vpn. The connection is working fine; I am just wondering, as the VPN router in the DMZ has the option to set Gateway Mode or Router Mode, do I need to add a static route back to the Sophos UTM in Router Mode?

When I check with traceroute 8.8.8.8 directly from the VPN router, the first hop is not the Sophos UTM DMZ IP address; the router is going directly over the VPN connection to the Internet.

Can someone please point me in the right direction?

Thx

 

 



  • If I've understood your setup correctly, you need a route in the VPN Router so that it knows the subnet of "Internal (Network)" is reached via the IP of "DMZ (Address)" on the UTM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello BAlfson,

     

    Thanks for your reply. The router has the UTM's DMZ interface, 10.0.0.254, as its gateway / DNS.

     

    The routing table of the router looks like this:

    Destination LAN NET  Subnet Mask  Gateway      Flags  Metric  Interface
    default              128.0.0.0    172.22.29.1  UG     0       tun1
    default              0.0.0.0      10.0.0.254   UG     0       LAN & WLAN

     

    Do I still need an extra route?

     

    Thx

    Best regards

    Sally

  • No idea - I don't know that device, so I'm not sure what I'm seeing.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • A routing table :)

  • I just would like to know, as the Router is in the DMZ, will the traffic go over the UTM for Filtering etc. or go directly to the VPN Network? 

    Thx

    Best regards

    Sally

  • I don't know how to interpret the routing table for that device.

    If you want the traffic to go through UTM Web Filtering, the subnet must be in 'Allowed Networks' there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA