This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

redundant IPSEC Site2Site VPN

We actualy manage several UTMs with the SUM v4.1

Now we want to create redundant VPN connections.

The UTMs sometimes have 1-3 Internetuplinks.

Sample:

1st VPN from Site-A 2/2MBit -> Site-B 50/50MBit
2nd VPN from Site-A 2/0,256MBit -> Site-B 5/5MBit

So we want to have this two connections to be prepared for a fault situation.

We like to user the 1st VPN all the time, but if the 1st fails (line down), we want to switch automatically to the 2nd. And - if it is possible switch back to the faster Line after it is back.

How this could be managed with the SUM?

This thread was automatically locked due to age.

Parents

0 BAlfson over 10 years ago
Daniel, you can't define two different VPNs between the same two subnets without creating routing problems. The solution is to be found as per my post above...

Assume that we have:
Site A:
WAN-A1: 94.95.96.97
WAN-A2: 81.82.83.84

Site B:
WAN-B1: 111.112.113.114
WAN-B2: 122.123.124.125

Now, to define the VPN...

Site A:
[LIST=1]
Create an Availability group named "Site B WANs" with 111.112.113.114 and 122.123.124.125 in order.
Activate Uplink Balancing with both WAN-A1 and WAN-A2.
Create a Multipath rule binding IPsec traffic to "Site B WANs" to WAN-A1
In the IPsec VPN, use "Uplink Interfaces" in the IPsec Connection for Site B, and "Site B WANs" as the 'Gateway' in the Remote Gateway definition.
[/LIST]
Site B:
[LIST=1]
Create an Availability group named "Site A WANs" with 94.95.96.97 and 81.82.83.84 in order.
Activate Uplink Balancing with both WAN-B1 and WAN-B2.
Create a Multipath rule binding IPsec traffic to "Site A WANs" to WAN-B1
In the IPsec VPN, use "Uplink Interfaces" in the IPsec Connection for Site A and "Site A WANs" as the 'Gateway' in the Remote Gateway definition.
[/LIST]

Hopefully, that prescription is clearer now, but I believe you should have found it already with the above google. I realize that this is in the UTM Manager forum, but I haven't tried to do such a global VPN configuration with SUM.

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 10 years ago
Daniel, you can't define two different VPNs between the same two subnets without creating routing problems. The solution is to be found as per my post above...

Assume that we have:
Site A:
WAN-A1: 94.95.96.97
WAN-A2: 81.82.83.84

Site B:
WAN-B1: 111.112.113.114
WAN-B2: 122.123.124.125

Now, to define the VPN...

Site A:
[LIST=1]
Create an Availability group named "Site B WANs" with 111.112.113.114 and 122.123.124.125 in order.
Activate Uplink Balancing with both WAN-A1 and WAN-A2.
Create a Multipath rule binding IPsec traffic to "Site B WANs" to WAN-A1
In the IPsec VPN, use "Uplink Interfaces" in the IPsec Connection for Site B, and "Site B WANs" as the 'Gateway' in the Remote Gateway definition.
[/LIST]
Site B:
[LIST=1]
Create an Availability group named "Site A WANs" with 94.95.96.97 and 81.82.83.84 in order.
Activate Uplink Balancing with both WAN-B1 and WAN-B2.
Create a Multipath rule binding IPsec traffic to "Site A WANs" to WAN-B1
In the IPsec VPN, use "Uplink Interfaces" in the IPsec Connection for Site A and "Site A WANs" as the 'Gateway' in the Remote Gateway definition.
[/LIST]

Hopefully, that prescription is clearer now, but I believe you should have found it already with the above google. I realize that this is in the UTM Manager forum, but I haven't tried to do such a global VPN configuration with SUM.

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data