
UTM to UTM Red tunnel

I have managed to get the tunnel up and connected. Easy.

My problem is getting network connectivity over the tunnel.

My end goal is to have a VLAN in Site B pass all of its traffic over the tunnel to the VLAN in Site A. Essentially bypassing the local internet in Site B's location.

Site A (Server side)

I have created an interface for the RED tunnel, 192.168.100.1/24

I have set up a static gateway route with the network as the VLAN in Site B, and the gateway as the RED interface on Site B's UTM, 192.168.100.2

I have added a firewall rule to allow 'any' service between the VLANs

Site B (Client side)

I have created an interface for the RED tunnel, 192.168.100.2/24

I have set up a static gateway route with the network as the VLAN in Site A, and the gateway as the RED interface on Site B's UTM, 192.168.100.1

I have added a firewall rule to allow 'any' service between the VLANs

From Site A, I cannot ping 192.168.100.2 or any IP in Site B's VLAN.

Am I missing something here? This is what I used for a guide, community.sophos.com/.../120157



  • Assuming you've configured things correctly according to the KB you linked, it should work. I've set this up before and had no issues. What does the ICMP tab show under Network Protection > Firewall > ICMP? Does the machine you're trying to ping allow ICMP from outside networks (assuming you don't have a NAT/MASQ on the receiving firewall to NAT the packet so it appears to be coming from the local network)?

    Are you familiar with SSH? I find that sniffing packets with tcpdump is the best way to determine where the communication breakdown is occurring.

    Tim
