
Using location A subnet on a switch port at location B

Not sure if this belongs here or under VPN. I have multiple locations that are all connected via RED tunnels. Each location has its own subnet. Everything works as it is currently set up - Location A can ping / access services, etc. from Location B. VLAN traffic is passed as it should be.

Now for the tricky part - in "Location B", I need to put one of the ports on the subnet for "Location A". In other words, I'd like to be able to plug something into a port on my switch in location B and have it think it is in Location A.

I thought maybe I could just add an interface on the physical interface in the remote location and tag it as a VLAN and give it a static IP address from the Location A subnet. When I do that, it doesn't work - in fact it basically shuts off all traffic between Location A and Location B (as soon as I disable the new interface everything returns to working as it should).

Any guidance would be appreciated. Thank you.



This thread was automatically locked due to age.
  • Hi Glenn,
    I can only go on theory, no experience with RED. I suspect you will need a route in the far end RED to point the traffic at the VPN. Also you wouldn't tag the VLAN on the UTM or RED because they would be normal ports.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • Ian, did you ever get this working? I have the same exact scenario.

  • Hi Steve,

    I don't have access to a RED to try this out. I am a home user of both XG and UTM.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi, Glenn, and welcome to the UTM Community!

    To do this, you will need to add a second RED tunnel between the sites.  In site A, bridge the reds# with the subnet that a port on site B should be able to join.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Steve, does my reply to Glenn give you enough information to accomplish this?

    Cheers - Bob

     
  • It helps Bob, but I'm still over my head. 

    We're looking at an alternative plan.

  • Here's the problem, you need to "transfer" an Ethernet connection to the other side.  The way the original RED connection between the two sides is configured, that can't be done.  The RED connection is like a loooong Ethernet cable, so we just make a second connection.

    • On the far side (let's assume it's the Client side), we assign redc1 to an Interface defined on VLAN2 and give it an IP from the subnet on VLAN2 on our (Server) side.
    • On our side, we bridge reds1 to the Interface defined as VLAN2.

    Questions?

    Cheers - Bob

     