
Using IPSec S2S as an interface (VLAN -> WLAN SSID)

Hello dear forum readers,

I have a question and, I think, a bit of a mental block at the moment - maybe one of you can help me. I currently have an existing IPSec S2S network. Access from both sides to the other side works flawlessly.

Now I had the idea of sending the IPSec connection into the LAN as a VLAN and broadcasting it there as a separate SSID via the WLAN infrastructure. The background: the IPSec network should really be separated from the current (W)LAN so that not everyone can reach the remote network.

I know there is the option "Bind tunnel to local interface", but I'm not really sure what this option does?

Does anyone here perhaps have some advice?

Many thanks in advance, regards, Bernhard



This thread was automatically locked due to age.
  • Hello Bernhard,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    IPsec site-to-site tunnels don't have an associated virtual NIC like the SSL VPN S2S tunnels do. Years ago, it was possible to set up a GRE tunnel, so that might work for you, depending on what you have on the other end.

    I tend to agree with Philipp, though. You could make a firewall rule that allows all traffic from the other site, but not one that allows any traffic from the internal network to the other site. Then you can create a local SSID and make a firewall rule that allows traffic from that WLAN to the other site. You would need to add the WLAN subnet to the IPsec tunnel.

    Regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
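
The following is an added example, not part of the reply above and not Sophos configuration: a small Python model of the rule set the reply describes, showing that traffic from the dedicated WLAN needs both the firewall rule and the WLAN subnet in the tunnel's networks. All subnets and function names are constructed assumptions, and only new connections are evaluated (return traffic is assumed to be handled by connection tracking).

```python
import ipaddress as ip

# Constructed subnets (assumptions for illustration, not from the thread)
INTERNAL_LAN = ip.ip_network("192.168.1.0/24")   # existing (W)LAN
VPN_WLAN = ip.ip_network("192.168.50.0/24")      # subnet of the new SSID
REMOTE_SITE = ip.ip_network("10.20.0.0/24")      # network behind the peer
ANY = ip.ip_network("0.0.0.0/0")

# Rules as described in the reply; first match wins, anything else is dropped.
RULES = [
    (REMOTE_SITE, ANY, "allow"),       # all traffic from the other site
    (VPN_WLAN, REMOTE_SITE, "allow"),  # only the dedicated WLAN may go out
]

def firewall_allows(src, dst, rules=RULES):
    """Evaluate a new connection against the rule list (default drop)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for rule_src, rule_dst, action in rules:
        if s in rule_src and d in rule_dst:
            return action == "allow"
    return False

def tunnel_carries(src, dst, local_nets, remote_nets):
    """True if the packet matches a local/remote network pair of the tunnel."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    def within(addr, nets):
        return any(addr in n for n in nets)
    outbound = within(s, local_nets) and within(d, remote_nets)
    inbound = within(s, remote_nets) and within(d, local_nets)
    return outbound or inbound

def verdict(src, dst, local_nets, remote_nets=(REMOTE_SITE,)):
    """Combine both checks and name the first one that fails."""
    if not firewall_allows(src, dst):
        return "dropped by firewall"
    if not tunnel_carries(src, dst, local_nets, remote_nets):
        return "not in tunnel networks"
    return "passes"

if __name__ == "__main__":
    before = [INTERNAL_LAN]            # assumed tunnel definition today
    after = [INTERNAL_LAN, VPN_WLAN]   # WLAN subnet added to the tunnel
    for name, nets in (("before", before), ("after", after)):
        print(name, "WLAN->remote:", verdict("192.168.50.10", "10.20.0.5", nets))
        print(name, "LAN->remote: ", verdict("192.168.1.10", "10.20.0.5", nets))
        print(name, "remote->LAN: ", verdict("10.20.0.5", "192.168.1.10", nets))
```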