
Multisite VPN

Hi all,

Today I have 3 sites with 1 Sophos UTM on each site. I created a site-to-site VPN on the main site. I downloaded the configuration for the remote tunnel endpoint and uploaded this file to the 2 other sites.

Each site can connect to the main site with the site-to-site VPN, but not both sites at the same time.

Thanks in advance



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    Did you configure the site to site IPsec VPN? Please share the configuration detail. 

    Is there any local and remote subnet overlap with the configured VPN connections? 

    Thanks,

  • Hi,

    No, I configured the site to site SSL VPN.

  • Salut Jeremy,

    please check routing and firewall rules between your remote sites/networks.

    A site-to-site tunnel is what it says: it is established between one site and another. To route between the remote sites, you have to add routes for each remote network at each site. The routes to the central site are established implicitly with your tunnel definition. Likewise the firewall rules.

    So you need to add the rest manually.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Salut Jeremy and welcome to the UTM Community!

    I fear that there's a problem with your present server definition that causes a routing problem that you cannot fix.

    You will want to have two separate site-to-site definitions in the central site.  Assume that we have sites A, B and C with site B as the central site.

    1. Create an SSL VPN server in site B for site A with the LANs for sites B and C in 'Local Networks' and download the client file for upload to site A.
    2. Create an SSL VPN server in site B for site C with the LANs for sites B and A in 'Local Networks' and download the client file for upload to site C.

    Any better luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
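
The two-definition layout described above can be checked on paper before touching the UTMs. The following is an added example, not part of any post in this thread: the subnets are constructed, and it assumes a simplified model in which each spoke gets a tunnel route for every network listed in 'Local Networks' of its server definition at the central site. Firewall rules are not modelled.

```python
import ipaddress

# Constructed sample addressing (assumption, not taken from the thread).
LANS = {"A": "192.168.10.0/24", "B": "192.168.20.0/24", "C": "192.168.30.0/24"}

# 'Local Networks' per server definition at central site B, keyed by spoke.
HUB_ONLY = {"A": ["B"], "C": ["B"]}             # only the central LAN offered
PER_SPOKE = {"A": ["B", "C"], "C": ["B", "A"]}  # layout from steps 1 and 2 above

def overlaps(lans):
    """Return sorted pairs of sites whose LAN ranges overlap."""
    nets = {site: ipaddress.ip_network(cidr) for site, cidr in lans.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def spoke_routes(tunnels, lans):
    """Model assumption: a spoke learns one tunnel route per listed network."""
    return {spoke: [ipaddress.ip_network(lans[site]) for site in listed]
            for spoke, listed in tunnels.items()}

def can_reach(routes, lans, src, dst):
    """Traffic needs a tunnel route at src towards dst AND a return route at dst."""
    def has_route(frm, to):
        target = ipaddress.ip_network(lans[to])
        return any(target.subnet_of(route) for route in routes.get(frm, []))
    return has_route(src, dst) and has_route(dst, src)

def report(tunnels, lans=LANS):
    """Map every ordered spoke pair to True/False for two-way reachability."""
    routes = spoke_routes(tunnels, lans)
    spokes = sorted(tunnels)
    return {(a, b): can_reach(routes, lans, a, b)
            for a in spokes for b in spokes if a != b}

if __name__ == "__main__":
    print("overlapping LANs:", overlaps(LANS))
    for name, tunnels in (("hub-only", HUB_ONLY), ("per-spoke", PER_SPOKE)):
        for pair, ok in report(tunnels).items():
            print(f"{name:9} {pair[0]} -> {pair[1]}: {'ok' if ok else 'no route'}")
```

Replace `LANS` with the real site ranges before relying on the result; an overlap reported by `overlaps()` has to be resolved first, because no route layout can fix it.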
  • Do you do a Gateway route? With the "Local Network" in the "Network" field? And what in the Gateway? ...