Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 3643 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

send SSL-VPN internet traffic through WAN interface of RED-connected second UTM?

lordmaxey

Hi there,

i can't make this working - i hope you guys can help me :)

I have two UTMs which are connected through Sophos-RED. I'll call them UTM1 and UTM2.

I have set up a full-tunnel ssl-vpn on UTM2. This UTM2 does have a static ip address and is the RED-server.
UTM1 does not have a static IP address and is the RED-client.

Now, when i connect via ssl vpn client from anywhere to UTM2, i have the public IP-Address of UTM2 and can access all local machines and network from UTM1 over the RED-tunnel.
Works great so far.

But now i would like to do the following:
When i connect via ssl vpn client, i want all internet traffic to be routed through the RED-tunnel to use the WAN interface from UTM1.
so when i would check my ip-address it should show me the public ip from UTM1, and not the one from UTM2 anymore.

How can i make this work?

I tried setting up the RED-interface as a secondary wan interface and played around with multipath rules...
But i just can't get it to work. I'm missing something either on UTM1 and/or UTM2.

Any help or hint would be appreciated!

Thanks!

Cheers,

Max



This thread was automatically locked due to age.
  • 0

    Hey Max,

     

    maybe this is solvable with SNAT?

     

    Regards

    Jason

    Regards

    Jason

    Sophos Certified Architect - UTM

  • 0

    Hallo Max,

    Does How to allow remote access users to reach another site via a Site-to-Site Tunnel give you enough information to get this done?

    Don't forget a Masquerading rule and to change "VPN Pool (SSL)" in one of the UTMs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Jason and Bob,

    thanks for your replies.

    No, i don't really get it... i read the post, but i'm still wrong...

    i connect to UTM 2 with SSL VPN. i changed the pool to 10.242.3.0/24 that it's different from the VPN Pool 10.242.2.0/24 from UTM 1.

    UTM2:
    SSL VPN connection (profile: local networks: any)
    no automatic FW rule
    username(User-network) fw rule --> any --> local network utm1
    username (user-network) fw rule --> any --> internet ipv4
    static route: internal LAN UTM1 --> RED-IP
    maskerading rule for username (user-network) --> uplink interfaces
    uplink-balancing: WAN 100%, RED-Interface: 0%
    mulitpath rule: username (user-network) -->any --> internet ipv4 --> RED-Interface

    --> this shows me public IP from UTM2.
    local network shares from utm1 can be reached without problems.

     

    UTM1:
    FW Rule: VPN-Pool UTM2 -->any --> local network
    FW rule: VPN-Pool UTM2 -->any --> internet ipv4
    Static route: VPN-Pool UTM2 -->RED IP UTM2
    maskerading rule: VPN-Pool UTM2 --> WAN-Interface

     

    I'm missing something...

    The thing is, i have different users on UTM2 which connect via ssl vpn - but they have a different profile (not any, only local utm1 network).
    and if a specific user connects (me) than i want internet traffic to be route via WAN interface of UTM1.

     

    Any help is appreciated! Thanks!

Unfiltered HTML