Hi!
I am not sure the subject line completely expresses the intent.
I have an external network that expects me to connect to their network through two ISPs, A and B.
ISP A
Our Sophos UTM is hosted within ISP A, and the customer has a tunnel with ISP A. ISP A simply routes our outgoing traffic
from the Sophos' external interface (eth1), which has the customer's destination addresses, through the ISP A-customer tunnel.
Any incoming traffic from the customer, coming through ISP A, is also routed to our external address, and we NAT.
The customer only sees/can reach the Sophos external interface through ISP A, and will only allow Sophos external interface traffic through ISP A.
We need not manipulate the traffic in any form.
ISP B
ISP B does not provide a tunnel to the customer through their network, and we have a dedicated interface (eth2) for customers coming through ISP B.
Sophos and the customer form an IPsec VPN tunnel through eth2.
My problem is, on the ISP B route, the customer expects to have traffic only with eth2's source address (eth2's IP is Sophos' address as both host and peer in the IPsec tunnel).
How do I make sure that all the traffic passing through ISP B maintains eth2's IP as the source address, without a policy route or NAT?
When I use a policy route and masquerade, traffic does not switch over to ISP A when ISP B route fails.