RED over UTM to IPSEC Tunnel

Dear all

I have an SG330 with two RED devices and an IPsec tunnel connected.
All clients behind the RED devices and behind the tunnel connect easily to the central network at the SG330.

I now need a connection from a client behind a RED to a server behind the IPsec network, and I fail to understand.

UTM SG330 with an internal network: 172.16.0.0/16
RED with a network: 192.168.50.0/24
IPsec with a network: 172.20.0.0/16

What do I need to configure?
Network Protection/Firewall
Interfaces & Routing/Static Routing
Network Protection/NAT

Thank you for your help and kind regards, Matthias


This thread was automatically locked due to age.
  • It is a routing issue, but the problem in the UTM is that you can't route traffic into an IPsec tunnel. If the tunnel doesn't have 'Strict routing' enabled, then you can SNAT the traffic into the tunnel, but that doesn't let you identify the source of requests at the server beyond the tunnel.

    I already have a tunnel from {192.186.50.0/24}[RED] to {172.20.0.0/16}[ASG120], but I want to break it as it causes massive performance issues that I can hardly isolate.

    That isn't what I understood from your first post. In any case, you might want to check #1 in Rulz.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
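An added illustration of the point in Bob's reply (example code written for this page, not from the thread, from Sophos or from the UTM itself): the UTM builds a policy-based IPsec connection, which encapsulates a packet only when its source/destination pair matches one of the connection's local-network x remote-network selectors, so a static route alone cannot push RED traffic into the tunnel. The model below runs the address plan from the first post through that logic: the LAN client that works, the RED client that reaches the tunnel but matches no selector, the SNAT workaround (which only helps with 'Strict routing' off and hides the real client address from the server), and, going one step beyond the thread, the non-NAT alternative of adding the RED subnet to the tunnel's local networks so the server sees the true source. The host addresses, the 172.16.0.254 SNAT address and the behaviour of the `strict` flag (source-and-destination steering when on, destination-only when off) are assumptions of this simplified model.

```python
from ipaddress import ip_address, ip_network

# Address plan from the thread.
UTM_LAN = ip_network("172.16.0.0/16")        # SG330 internal network
RED_LAN = ip_network("192.168.50.0/24")      # network behind the RED
IPSEC_REMOTE = ip_network("172.20.0.0/16")   # network behind the IPsec peer


class PolicyBasedTunnel:
    """Simplified model of a policy-based IPsec connection as the UTM sets it up.

    A packet is encapsulated only if (src, dst) matches one of the
    local-network x remote-network selector pairs. 'strict' stands in for the
    UTM 'Strict routing' option (assumption of this model): when on, the
    packet is steered towards the tunnel only if its pre-NAT source is already
    in a local network; when off, steering looks at the destination alone.
    """

    def __init__(self, local_nets, remote_nets, strict=False):
        self.local_nets = [ip_network(n) for n in local_nets]
        self.remote_nets = [ip_network(n) for n in remote_nets]
        self.strict = strict

    def _in_local(self, addr):
        return any(addr in net for net in self.local_nets)

    def _in_remote(self, addr):
        return any(addr in net for net in self.remote_nets)

    def steered_to_tunnel(self, src, dst):
        # Routing decision; SNAT has not happened yet at this point.
        if self.strict:
            return self._in_remote(dst) and self._in_local(src)
        return self._in_remote(dst)

    def selector_match(self, src, dst):
        # Selector check on the packet as it leaves (post-NAT source).
        return self._in_local(src) and self._in_remote(dst)


def forward(tunnel, src, dst, snat_to=None):
    """Return (outcome, source_seen_by_server).

    'tunnel'       encapsulated; the second value is the source the remote
                   server will log
    'not_routed'   the UTM never steers the packet towards the tunnel
    'no_selector'  steered, but no selector covers it, so it is dropped
    """
    src, dst = ip_address(src), ip_address(dst)
    if not tunnel.steered_to_tunnel(src, dst):
        return "not_routed", None
    # An SNAT rule (Network Protection > NAT) rewrites the source on the way out.
    egress_src = ip_address(snat_to) if snat_to else src
    if not tunnel.selector_match(egress_src, dst):
        return "no_selector", None
    return "tunnel", str(egress_src)


def demo():
    """Run the cases from the thread through the model; host addresses are constructed."""
    site_tunnel = PolicyBasedTunnel([UTM_LAN], [IPSEC_REMOTE])
    strict_tunnel = PolicyBasedTunnel([UTM_LAN], [IPSEC_REMOTE], strict=True)
    # Alternative to NAT: the RED subnet becomes a local network of the tunnel
    # (the peer side must add it as a remote network too).
    widened_tunnel = PolicyBasedTunnel([UTM_LAN, RED_LAN], [IPSEC_REMOTE])

    return {
        # client on the SG330 LAN: works, as the first post says
        "lan_client": forward(site_tunnel, "172.16.1.10", "172.20.1.5"),
        # client behind the RED, no NAT: steered, but no selector covers 192.168.50.0/24
        "red_plain": forward(site_tunnel, "192.168.50.10", "172.20.1.5"),
        # SNAT to an assumed free SG330-internal address: enters the tunnel,
        # but the server only ever sees 172.16.0.254
        "red_snat": forward(site_tunnel, "192.168.50.10", "172.20.1.5",
                            snat_to="172.16.0.254"),
        # same SNAT with Strict routing on: never steered, so NAT cannot help
        "red_snat_strict": forward(strict_tunnel, "192.168.50.10", "172.20.1.5",
                                   snat_to="172.16.0.254"),
        # RED subnet added to the selectors: the real client address reaches the server
        "red_in_selectors": forward(widened_tunnel, "192.168.50.10", "172.20.1.5"),
    }


if __name__ == "__main__":
    for case, (outcome, seen) in demo().items():
        print(f"{case:18} {outcome:12} server sees {seen}")
```

The `red_snat` and `red_in_selectors` cases are the practical contrast: SNAT gets the packets through but every RED client arrives at the server as 172.16.0.254, so server-side logs and firewall rules can no longer tell clients apart; widening the selectors keeps the true source, at the cost of a matching change on the peer's side of the tunnel.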