Hello Community,
I have a question about IPSec tunnels on the Sophos SG330 & SG430 (Firmware v9.605-1).
A customer of mine has two clusters of SG-Firewalls running. The SG330 OnSite and the SG430 Housed in a DataCenter (future place to be).
I'm trying to get a Connection from any local-Subnet (Location A: 172.20.0.0/16 - 91+ VLANs) to any DataCenter-Subnet (Location B: 10.199.0.0/16 - same 91+ VLANs) running.
Everything runs fine (incl. RSA auth) in the IPSec connection, but we actually have 8281 SAs when starting the connection.
This overwhelms the CPU & RAM (100% CPU / 100% RAM) and doesn't go down within 2 hours.
Is there a possibility to create a "Super-Tunnel" that allows routing over a tunnel (with a gateway on the tunnel interface)?
So that it could be like this:
Both Sites have 1G Internet over fiber. Both Sites have public+static IPs.
Location A (192.168.251.1) >= IPSec-Tunnel =< Location B (192.168.251.2)
Location A: like... route 10.99.0.0 mask 255.255.0.0 gw 192.168.251.2 (FW-A IP inside Tunnel)
Location B: like... route 172.20.0.0 mask 255.255.0.0 gw 192.168.251.1 (FW-A IP inside Tunnel)
I'm looking for something that allows me to create the tunnel and a virtual Ethernet interface over which I can route the whole traffic.
I didn't find anything for that. Is this not possible, as this is a function only available on the XG series?
Is there a different approach to address all the remote subnets over one super-route?
Thank You for all your Ideas.
Franz
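To make the SA arithmetic behind the question concrete, here is an added Python example; it is not from the post and not Sophos code, and it assumes the 91 VLANs per site are /24s (the post only names the /16 per site). It models the general IPsec behaviour that a policy-based tunnel negotiates one child SA pair per (local, remote) traffic-selector combination, and shows what happens when the selectors are collapsed or replaced by a single covering supernet (the "super-route" idea), including how much address space such an aggregate selector covers that belongs to no real VLAN.

```python
import ipaddress

# Constructed sample input: one /24 per VLAN, 91 VLANs per site (assumption, the post gives only the /16s).
LOCAL_VLANS = [ipaddress.ip_network(f"172.20.{i}.0/24") for i in range(1, 92)]   # Location A
REMOTE_VLANS = [ipaddress.ip_network(f"10.199.{i}.0/24") for i in range(1, 92)]  # Location B


def policy_based_sa_pairs(local, remote):
    """Policy-based IPsec: one child SA pair per (local selector, remote selector) combination."""
    return len(local) * len(remote)


def collapse(nets):
    """Merge adjacent or overlapping prefixes into the fewest exact covering prefixes.

    This never adds addresses that are not in the input, so the selectors stay exact,
    but it only helps where VLANs happen to sit on aligned boundaries.
    """
    return list(ipaddress.collapse_addresses(nets))


def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets (the 'super-route')."""
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net


def overbroad_addresses(aggregate, nets):
    """Addresses inside an aggregate selector/route that belong to none of the real VLANs.

    Traffic to these addresses would still be sent into the tunnel, so the peer's policy
    (and the firewall rules on both ends) must decide what happens to it.
    """
    covered = sum(n.num_addresses for n in nets if n.subnet_of(aggregate))
    return aggregate.num_addresses - covered


def report(local, remote):
    """Compare SA counts for the three selector strategies on the same VLAN lists."""
    local_super = covering_supernet(local)
    remote_super = covering_supernet(remote)
    return {
        "per_vlan_sa_pairs": policy_based_sa_pairs(local, remote),
        "collapsed_sa_pairs": policy_based_sa_pairs(collapse(local), collapse(remote)),
        "supernet_sa_pairs": policy_based_sa_pairs([local_super], [remote_super]),
        "local_supernet": str(local_super),
        "remote_supernet": str(remote_super),
        "overbroad_local": overbroad_addresses(local_super, local),
        "overbroad_remote": overbroad_addresses(remote_super, remote),
    }


if __name__ == "__main__":
    for key, value in report(LOCAL_VLANS, REMOTE_VLANS).items():
        print(f"{key}: {value}")
```

Running it reproduces the 8281 SA pairs from the post (91 x 91), shows that plain collapsing of /24s still leaves 9 x 9 = 81 pairs, and that a single covering supernet per site reduces the tunnel to one SA pair at the cost of carrying unallocated address space into the tunnel; a route-based design (one SA pair with wide selectors, routes on a tunnel interface deciding what is sent) trades in the same way, so the unused space should be covered by explicit firewall rules rather than left implicit.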
This thread was automatically locked due to age.