No real guidance in the manual about using MPLS. I currently have several branches connected with site to site vpn. Our vendor says we will get greater efficiency if we use MPLS. I'm willing to try.
Not clear on how to get from here to there. The vendor is Cisco literate and their suggestions don't always translate to Sophos.
The MPLS does not have a separate subnet. It is Sprint MPLS and the vendor says that the traffic from the internal domains to the branch offices cannot be natted to the external address. They mean masqueraded. The traffic from Internal to Branch and from Branch to Internal must not look like it is coming from the External Interface. It needs to be transparent to the MPLS.
Branch office has a simple T1. Home office has pair of bonded T1's plus uplink balancing to a 2 mps air band service. Multipath rules send ipsec traffic over the T1's and Internet traffic over the air band.
Testing MPLS to one branch, Sophos support suggested a Gateway Policy Route: Internal Network, Any Service, Branch Network, Remote Gateway on Home office UTM. Internal, Any, Home Network, Home Gateway on Branch UTM. That doesn't seem right because the MPLS should be handling the gateways. Interface Route doesn't seem to work either. Static routes don't seem to do it either.
This has not worked. Waiting for a senior support tech to get back to me.
This thread was automatically locked due to age.
Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.
