How to route all traffic across an SSL site-to-site VPN?

Hi all,

For some time now we've had a RED tunnel configured between two UTM home devices that are both behind NAT. Everything worked fine and we could route all traffic from the LAN on each side across the tunnel and out the opposite device's internet connection by using a policy route.

Lately we have been getting ridiculously slow speeds across the tunnel, and I have a similar tunnel set up with another device in the same city as the original that does not exhibit the problem.  Suspecting something funky about the RED tunnel and the ISP at the original tunnel site, I am trying to switch to an SSL tunnel to see if the problem persists.

But although we have the tunnel set up, I can't seem to get traffic to route across it and out the opposite end; it all just goes out the local ISP as if there is no tunnel or route specified at all.

I've tried putting "Internet IPv4" in the network list for the tunnel configuration, but that doesn't help. I have tried it with and without a policy route set (targeting the internal interface of the UTM that is across the tunnel) with no effect.

Is there something different about SSL tunnels vs. RED ones that would require routing this differently?

Thanks!

  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    Did you configure "Any" in Local Network in the Remote Access Profile, a MASQ rule for the SSL VPN network for internet access, and a firewall rule to allow internet access to the SSL VPN network? If you did configure all of these, ensure you download the new configuration file before connecting to the SSL VPN.

    If you want to configure a full-tunnel SSL Remote Access VPN, you do not have to configure static or policy routes.

    Thanks,
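
    The following is an added worked example written for this thread; it is not Sophos UTM code and was not posted by any participant. It simulates the two routing mechanisms the original post tries ("Internet IPv4" in the tunnel's network list vs. a policy route) and the far-end MASQ rule mentioned in the reply above, to show why they behave differently: a 0.0.0.0/0 route learned via the tunnel ties with the ISP default route on prefix length, so the metric decides; a source-based policy route is consulted before the routing table and only captures the source network it names; and without a MASQ rule covering the peer's network on the far end, replies never come back. All addresses, interface names (eth0, eth1, tun0, red0) and metrics are made up for the example, and the assumption that the tunnel's /0 route gets a worse metric than the ISP default is an assumption, not a statement about how UTM installs it.

```python
"""Route selection for a full-tunnel site-to-site VPN: a worked example.

Added illustration for this thread, not Sophos UTM code and not code posted
by any participant.  All addresses, interface names and metrics are made up.
"""
from dataclasses import dataclass
import ipaddress

IPv4Network = ipaddress.IPv4Network
IPv4Address = ipaddress.IPv4Address


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    iface: str
    metric: int = 0


@dataclass(frozen=True)
class PolicyRoute:
    src: IPv4Network   # source network the rule applies to
    dst: IPv4Network   # destination filter (0.0.0.0/0 = any)
    iface: str         # where matching traffic is sent, e.g. the tunnel


def lookup(table, dst):
    """Destination-based forwarding: longest prefix wins; an equal-length
    tie is broken by the lowest metric."""
    d = IPv4Address(dst)
    matches = [r for r in table if d in r.prefix]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric)).iface


def forward(policy, table, src, dst):
    """Policy routes are evaluated first; only if none matches does the
    ordinary routing table decide."""
    s, d = IPv4Address(src), IPv4Address(dst)
    for pr in policy:
        if s in pr.src and d in pr.dst:
            return pr.iface
    return lookup(table, d)


def masqueraded(src, egress_iface, masq_rules):
    """Far-end NAT: a MASQ rule is (source network, egress interface).  True
    if the packet's source is rewritten to the egress interface's address;
    a private source left unrewritten will not get replies from the Internet."""
    s = IPv4Address(src)
    return any(s in net and egress_iface == iface for net, iface in masq_rules)


# --- Constructed near-end setup: local LAN, an SSL tunnel, a separate RED tunnel ---
ANY = IPv4Network("0.0.0.0/0")
LOCAL_LAN = IPv4Network("192.168.10.0/24")      # this UTM's LAN
SSL_PEER_LAN = IPv4Network("192.168.20.0/24")   # LAN behind the SSL site-to-site peer
RED_PEER_LAN = IPv4Network("192.168.30.0/24")   # LAN behind the other (RED) site

TABLE = [
    Route(LOCAL_LAN, "eth0"),
    Route(SSL_PEER_LAN, "tun0"),       # remote network advertised over the SSL tunnel
    Route(RED_PEER_LAN, "red0"),
    Route(ANY, "eth1", metric=0),      # ISP default route
    Route(ANY, "tun0", metric=10),     # "Internet IPv4" via the tunnel (assumed worse metric)
]

# Policy route: only our own LAN's traffic is pushed into the SSL tunnel.
POLICY = [PolicyRoute(LOCAL_LAN, ANY, "tun0")]

# --- Constructed far-end MASQ rules (its WAN interface is also called eth1 here) ---
FAR_WAN = "eth1"
FAR_MASQ_BEFORE = [(SSL_PEER_LAN, FAR_WAN)]                 # its usual LAN -> WAN rule only
FAR_MASQ_AFTER = FAR_MASQ_BEFORE + [(LOCAL_LAN, FAR_WAN)]   # plus the tunnel peer's network


def demo():
    """Collect the interesting decisions so they can be inspected or tested."""
    return {
        # Table alone: the two /0 routes tie on length, the lower metric (ISP) wins.
        "table_only": lookup(TABLE, "8.8.8.8"),
        # Policy route steers our LAN's Internet traffic into the tunnel.
        "lan_to_internet": forward(POLICY, TABLE, "192.168.10.25", "8.8.8.8"),
        # Traffic from the RED site does not match the policy's source network,
        # so it still leaves via the local ISP.
        "red_site_to_internet": forward(POLICY, TABLE, "192.168.30.5", "8.8.8.8"),
        # Far end with only its own LAN masqueraded: our packets leave un-NATed.
        "far_end_masq_before": masqueraded("192.168.10.25", FAR_WAN, FAR_MASQ_BEFORE),
        "far_end_masq_after": masqueraded("192.168.10.25", FAR_WAN, FAR_MASQ_AFTER),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} -> {value}")
```

    Running it shows the table-only case leaving via eth1 even though tun0 carries a 0.0.0.0/0 route, the policy-routed LAN traffic going via tun0 while RED-site traffic is unaffected, and the far-end masquerade flipping from False to True once the peer's network is added to the MASQ rule. A quick real-world check of the same decision on a Linux host is `ip route get 8.8.8.8 from <lan-address>`, which prints the interface actually chosen for that source.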

  • Thank you, Harsh. I will try these extra steps. If I put "Any" in the local network, does that mean that my OTHER site (the one that is currently routing over a RED tunnel) will no longer get routed out my local internet, but will in fact also be sent across the other tunnel and back out? I obviously do not want that to be the case.

  • I put "Any" in the local network, but nothing has changed.

  • FormerMember, in reply to pesos2

    Hi,

    I thought you were configuring an SSL Remote Access VPN, but it seems you have a site-to-site SSL VPN.

    Could you please share the configuration screenshots? 

    Thanks,

  • Hi neighbor and welcome to the UTM Community!

    You might also want to open a thread in the RED forum so that we can help you fix that issue.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA