I have VPNs to 2 different sites; the other end is not using Sophos but Meraki & ASA.
My issue is that for the first site the remote subnet is 10.0.0.0/8, and for the other one it is 10.216.30.0/23 & 10.216.33.0/24.
And it is causing overlapping of subnets. Packets are not being delivered to the 10.216.30.0/23 subnet, though Sophos should check for the longest prefix match.
Is there a solution to send the traffic for 10.216.30.0/23 & 10.216.33.0/24 to the second VPN instead of the first one?
Hi Tushar Jain,
Thank you for reaching out to the Community!
You would have to configure NAT on both sides for the overlapping networks.
Check out the following KBA for more info: Sophos UTM: How to tunnel between two UTMs which use the same LAN network range.
As H_patel wrote, you can only solve this with NAT. It's not the firewall that "should" check the longest prefix match; it's the workstation that thinks 10.216.30.0 is in its own subnet, hence the local computer will never deliver the package to the router but will only broadcast a WHO HAS 10.216.30.x on the local network.
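To make the two decisions in the reply above concrete, here is an added example (not from the thread, Sophos, or the KBA) that models the firewall's longest-prefix match over the two tunnels and, separately, the workstation's own "is this in my subnet?" check. The workstation address and mask (10.1.2.3/8 vs. /24) are constructed assumptions; the thread does not state them.

```python
import ipaddress

# Constructed policy table built from the two tunnels named in the question.
VPN_ROUTES = {
    ipaddress.ip_network("10.0.0.0/8"): "vpn-site1 (Meraki)",
    ipaddress.ip_network("10.216.30.0/23"): "vpn-site2 (ASA)",
    ipaddress.ip_network("10.216.33.0/24"): "vpn-site2 (ASA)",
}


def select_vpn(dst: str, routes=VPN_ROUTES):
    """Longest-prefix match at the firewall: the most specific network
    containing dst wins, so 10.216.30.x goes to site 2, not the /8."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, tunnel in routes.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, tunnel)
    return best[1] if best else None


def host_sends_to_gateway(dst: str, host_iface: str) -> bool:
    """The workstation's decision: it only hands the packet to its default
    gateway when dst lies outside its own interface network; otherwise it
    ARPs (WHO HAS dst) on the LAN and the firewall never sees the packet."""
    iface = ipaddress.ip_interface(host_iface)  # e.g. "10.1.2.3/8" (assumed)
    return ipaddress.ip_address(dst) not in iface.network


def path_for(dst: str, host_iface: str) -> str:
    """Combine both steps: what actually happens to a packet for dst."""
    if not host_sends_to_gateway(dst, host_iface):
        return "ARP on local LAN (never reaches the firewall)"
    return select_vpn(dst) or "no tunnel matches"


if __name__ == "__main__":
    for iface in ("10.1.2.3/8", "10.1.2.3/24"):
        print(iface, "->", path_for("10.216.30.5", iface))
```

With a /8 mask on the workstation the packet is ARPed locally regardless of how correct the firewall's routing table is, which is why the reply points to NAT rather than to the firewall.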
Hi TJ and welcome to the UTM Community!
The real problem here is that one should NEVER use 10.0.0.0/8 and rarely subnets therein. My usual recommendation is for internal subnets to be in the 172.16.0.0/12 range. Reserve 192.168.0.0/16 for public hotspots and home users. Reserve anything in 10.0.0.0/8 for giant multinationals, ISPs, etc. UTM uses 10.242.[1-5].0/24 by default for VPN Pools.
Cheers - Bob