I have found this to be a common question with regard to setting up the Site to Site VPN. I am using Sophos UTM v9.705-3 and I have not found an answer as to whether or not this is possible. The scenario we have is this:
Main site (Site A) has dedicated Ethernet connection with WAN configured as: (Actual IPs not shown)
Layer 3 IP: 1.2.3.4
Layer 3 Subnet: x.x.x.x
WAN Gateway: 1.2.3.3
I have created Additional addresses which are the customer's usable LAN Block and these are tied to the WAN interface. (i.e. 2.2.2.1-2.2.2.6)
When I create the Site to Site remote gateway and use one of the IPs in the LAN usable range (i.e. 2.2.2.1), it does not connect. If I use the WAN Layer 3 IP of 1.2.3.4, it does. In a case where the remote site (Site B) needs an IP address for the main site it is connecting to, I need to give them one of the customer's IPs in the LAN block to whitelist traffic. Also, Site A is initiating the connection and Site B is responding.
This scenario worked when the customer had internet service that included a router, but I am not sure how this is supposed to work with the dedicated Ethernet service they have now, which does not have a router. Any help would be appreciated!