We are starting the process of replacing our old Juniper firewalls with new SG230s.
Simultaneously we are gradually replacing Junipers at all client sites with UTMs as well.
I have an SG230 up in the datacenter as well as one at a client site.
I have configured a RED tunnel which is connected and working well.
Since all the servers in the datacenter are still pointed to the Juniper as their default gateway (10.10.10.1), I set up a static route on the Juniper that points all traffic destined for the remote client LAN (192.168.x.x) to the Sophos IP (10.10.10.250).
I would like to continue in this fashion while we gradually replace all the client firewalls, and then when we have a critical mass, reverse the configuration, swap the interface IPs on the Juniper and Sophos, and set up a static route in the other direction (Sophos to Juniper).
This arrangement appears to be working for pings, but not for any other service (SMB, LDAP, etc.). I can't figure out why and don't see any traffic being blocked anywhere in the chain.
It of course works if I create a static route right on the servers that routes traffic bound for 192.168.x.x to 10.10.10.250 but I'm hoping to avoid having to manually create routes on a ton of servers every time we change another client site, and then remove them all down the road...
Hi Bob, I gave that a shot but it doesn't seem to be working.
Traceroutes from the client side show the traffic successfully crossing the RED tunnel over to the RED interface on the server UTM (192.168.168.1), but then it just dies...