Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 16625 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using Policy Routes to Route Services Through RED Tunnel

NickT

I have a challenge.  My job has two locations and manages UTM appliances for clients using the SUM.  The client UTM appliances are configured only to allow WebAdmin requests coming from the public IP of the main office.

To accomplish this, I have created a RED tunnel between the main office and branch office.  The tunnel works beautifully.  I have also added the necessary firewall rules and masquerading rules to allow the branch office to access the internet using the public IP of the main office.  Currently, the static routs are configured only to route traffic destined for the corporate network through the tunnel and internet traffic goes out through the branch office's WAN connection.

The idea is to have a split tunnel, but have any traffic destined for port 4444 on a public network route through the tunnel.  I have configured a policy route on the branch UTM as follows.

Type: Gateway Route

Source Interface: Any

Source Network: Internal (LAN)

Service: WebAdmin

Destination Network: Internet IPv4

Gateway: IP of RED Interface on main office UTM

It looks like the policy route is working, but the traffic dies at the main office UTM.  I ave checked the firewall rules and confirm they allow internet access from the branch office.   COnfirmed that the proper masquerading rules are in place.  I can't seem to get this to work properly.



This thread was automatically locked due to age.
Parents
  • 0

    Nick, there's not enough detail to be certain, but I think this is a routing problem at the main office.  If you already have a masq rule there, then it may not be the one you want.  Please show us pictures from the main office UTM of Edits of the RED configuration, the Policy Route, the Host/Network definitions included and the masq rule.

    If you try from the SUM in the main office, can it connect to WebAdmin at the client sites?

    Cheers - Bob

    PS I've moved this to the RED forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thanks for the reply Bob.  When in the office, I have no problems accessing WebAdmin at client sites from the SUM.  Please see my configuration below.

    This is the interface for the RED on the office UTM.  It is currently turned off because it doesn't work as needed.

    Below is the static route on the office UTM.  The network definition Nick-Home-Office is 172.16.0.0/24

    Firewall rule on the office UTM.  I configured this to allow my home network access to the office network, but not allow the office network access to the home network.  Office network resources are still available.

    Masquerading rules on office UTM:

    RED interface on my home UTM.  Again, this is turned off because it's broken.

    Static route on home UTM.  BMB network definition is 192.168.20.0/24

    Policy Route on home UTM.  Network definition for BMB-RED Gateway is 10.30.30.1

    Firewall rule on home UTM

Reply
  • 0 in reply to BAlfson

    Thanks for the reply Bob.  When in the office, I have no problems accessing WebAdmin at client sites from the SUM.  Please see my configuration below.

    This is the interface for the RED on the office UTM.  It is currently turned off because it doesn't work as needed.

    Below is the static route on the office UTM.  The network definition Nick-Home-Office is 172.16.0.0/24

    Firewall rule on the office UTM.  I configured this to allow my home network access to the office network, but not allow the office network access to the home network.  Office network resources are still available.

    Masquerading rules on office UTM:

    RED interface on my home UTM.  Again, this is turned off because it's broken.

    Static route on home UTM.  BMB network definition is 192.168.20.0/24

    Policy Route on home UTM.  Network definition for BMB-RED Gateway is 10.30.30.1

    Firewall rule on home UTM

Children
Unfiltered HTML