
UTM to UTM Red tunnel

I have managed to get the tunnel up and connected. Easy.

 

My problem is getting network connectivity over the tunnel

My end goal is to have VLAN in site B pass all of its traffic over the tunnel to the VLAN in site A. Essentially bypassing the local internet in Site B's location.

 

Site A (Server side)

I have created an interface for the RED tunnel, 192.168.100.1/24

I have set up static gateway route with the network as the VLAN in site B, and gateway as the RED interface on site B's UTM, 192.168.100.2

I have added a firewall rule to allow 'any' service between the vlans

 

Site B (Client side)

I have created an interface for the RED tunnel, 192.168.100.2/24

I have set up static gateway route with the network as the VLAN in site A, and gateway as the RED interface on site B's UTM, 192.168.100.1

I have added a firewall rule to allow 'any' service between the vlans

 

From Site A, I cannot ping 192.168.100.2 or any IP in site B's VLAN.

 

Am I missing something here? This is what I used as a guide, community.sophos.com/.../120157
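As an added illustration (not part of the thread and not Sophos code), the following Python model walks a packet through the static routes described in the post, hop by hop, and reports whether a forward path and a matching return path exist across the RED transfer network 192.168.100.0/24. The VLAN subnets 10.1.0.0/24 and 10.2.0.0/24, the site A WAN subnet 198.51.100.0/24 and its ISP gateway are constructed assumptions, as are the interface names; the post does not give them.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Added example, not from the thread: a small model of UTM static routing used to
# check that both UTMs hold matching forward and return routes across the RED
# tunnel. The transfer network 192.168.100.0/24 is from the post; the VLAN and
# WAN subnets below are constructed assumptions.
SITE_A_VLAN = "10.1.0.0/24"       # assumed site A VLAN
SITE_B_VLAN = "10.2.0.0/24"       # assumed site B VLAN
SITE_A_WAN_GW = "198.51.100.254"  # assumed ISP gateway at site A


class Utm:
    """A router with directly connected interfaces and static gateway routes."""

    def __init__(self, name, interfaces):
        self.name = name
        self.interfaces = {n: ip_interface(a) for n, a in interfaces.items()}
        # Connected routes: (network, gateway, interface); gateway None = on-link.
        self.routes = [(i.network, None, n) for n, i in self.interfaces.items()]

    def add_static_route(self, network, gateway):
        """Add a static gateway route. Refuse it when the gateway is not on a
        directly connected subnet, e.g. when the remote VLAN's own gateway is
        named instead of the remote RED address: such a route never forwards."""
        gw = ip_address(gateway)
        for ifname, iface in self.interfaces.items():
            if gw in iface.network and gw != iface.ip:
                self.routes.append((ip_network(network), gw, ifname))
                return True
        return False

    def lookup(self, dst):
        """Longest-prefix match; returns (network, gateway, interface) or None."""
        dst = ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)


def owners(*utms):
    """Map every interface address to the UTM owning it (next-hop resolution)."""
    return {str(i.ip): u for u in utms for i in u.interfaces.values()}


def trace_path(owner, src, dst):
    """Forward src->dst hop by hop. Returns the UTM names traversed, ending with
    'external:<gw>' when the packet leaves the model; None if a hop has no route."""
    current = next((u for u in owner.values()
                    if any(ip_address(src) in i.network for i in u.interfaces.values())), None)
    path = []
    while current is not None and current.name not in path:  # stop on loops
        path.append(current.name)
        route = current.lookup(dst)
        if route is None:
            return None
        _, gw, _ = route
        if gw is None:                 # destination is on-link: delivered
            return path
        nxt = owner.get(str(gw))
        if nxt is None:                # gateway outside the model (the ISP)
            path.append(f"external:{gw}")
            return path
        current = nxt
    return None


def build_sites():
    """The poster's setup: one RED interface per UTM and, on each side, a static
    route to the remote VLAN via the *remote* RED address."""
    site_a = Utm("siteA", {"reds1": "192.168.100.1/24", "eth1.10": "10.1.0.1/24",
                           "eth0": "198.51.100.1/24"})
    site_b = Utm("siteB", {"redc1": "192.168.100.2/24", "eth1.20": "10.2.0.1/24"})
    site_a.add_static_route("0.0.0.0/0", SITE_A_WAN_GW)
    site_a.add_static_route(SITE_B_VLAN, "192.168.100.2")
    site_b.add_static_route(SITE_A_VLAN, "192.168.100.1")
    return site_a, site_b


def check_bidirectional(site_a, site_b, a_host, b_host):
    """Return the problems found for traffic between a_host and b_host (empty if ok)."""
    owner = owners(site_a, site_b)
    problems = []
    if trace_path(owner, a_host, b_host) != ["siteA", "siteB"]:
        problems.append(f"no forward path from {a_host} to {b_host}")
    if trace_path(owner, b_host, a_host) != ["siteB", "siteA"]:
        problems.append(f"no return path from {b_host} to {a_host}")
    return problems


def send_site_b_internet_via_a(site_a, site_b, dst="203.0.113.9"):
    """The end goal in the post: site B's default route points at site A's RED
    address, so internet-bound traffic leaves through site A's WAN."""
    site_b.add_static_route("0.0.0.0/0", "192.168.100.1")
    return trace_path(owners(site_a, site_b), "10.2.0.50", dst)


if __name__ == "__main__":
    a, b = build_sites()
    print("vlan<->vlan:", check_bidirectional(a, b, "10.1.0.50", "10.2.0.50") or "ok")
    print("bad gateway accepted:", b.add_static_route(SITE_A_VLAN, "10.1.0.1"))
    print("site B internet path:", send_site_b_internet_via_a(a, b))
```

The model only covers routing: it does not evaluate firewall rules, and it does not check that site A masquerades site B's private VLAN addresses on its WAN interface, which the "bypass site B's internet" goal also needs. Its value is the symmetric check: a ping from site A's VLAN only succeeds when site B also holds a route back, which is the first thing to verify when the tunnel is up but nothing crosses it.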



  • If I understand what you want to do, that KB article isn't the approach you want to take...

    You can use a RED tunnel to create a bridge between Interfaces on two different UTMs.  Say you want to have the subnet 192.168.200.0/24 in sites A & B.  Define an Ethernet bridge in the server site using reds1 and eth0 (for example), creating an interface 192.168.200.1/24.  In the client site, use redc1 and eth0 to create an interface 192.168.200.2/24.  In the server site, create a DHCP server with a dynamic range of 195.168.200.100-199 (for example) and do not create a DHCP server on the other UTM. Whether the DHCP server assigns .1 or .2 as default gateway depends on your specific needs.

    If that doesn't describe what you wanted to do, please show pictures of the Edits of the relevant firewall rules, Interface definitions, Static routes and RED server definition.  Also, confirm that none of the related Network/Host definitions violates #4 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

My end goal is to have 2 subnets/VLANs on either site, but for the VLAN in Site B's next hop to be the VLAN's gateway in site A, thus eluding the local ISP restrictions in site B.

    I have deleted everything and recreated

    Firewall Rules

     

    Interface

      

    RED Server connection

     

     

Now at this stage I would assume I'd be able to ping the RED interfaces from each other's location, but ping fails.

  • The Interface images and the ping attempt image are all too small to be legible.  Please replace them in your post.  Also, check the firewall log in both UTMs to confirm that there's no evidence of a block occurring.  If, instead of pinging, you try to RDP to a computer in the other location, are you able to connect?

    Cheers - Bob 

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA