Hello! I'm currently using Sophos UTM ASG and I need help with two problems. (I really hope I can get answers as soon as possible, please, I would be very grateful.)
After doing web filtering and L2TP VPN, I'm trying to set up a site-to-site VPN. My setup uses VMware with two Sophos UTM ASG (vmnet 2 and vmnet 3 for the internal cards and bridged for the external ones) and two Windows 7 clients.
1) My first problem is that I don't know if I should add new firewall rules for the site-to-site VPN, like with VPN or web filtering for example, and what rules I should add if they are needed. (I'm not an expert, so please explain it to me like I'm five, I mean what to add in sources, services and destinations.)
An example:
2) My second problem is about the site-to-site VPN tutorial: https://support.sophos.com/support/s/article/KB-000036832?language=en_US
A. Here in Site A, while setting up the remote gateway, should I add the IP address of the second Sophos in 'Remote networks'?
B. In Site B, while initiating the connection, should I add the IP of Site A in the 'Gateway' field?
- Then what about the remote networks? Should I also add the IP of Site A?
1. Yes, you need rules to allow the communication through the tunnel. (You may try to set the checkbox "automatic firewall rule" within the VPN configuration.)
2. "Remote networks" are the networks you have to reach "at the other side" ... local networks are the local network(s) that clients from the other side should be able to access.
The IP of the gateways should not be added to these lists.
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
Thanks for your reply. May I know what rules I should add 'manually'? It's for school purposes, so I need to write it this way.
dirkkotte said: The IP of the gateways should not be added to these lists.
Secondly, I didn't get this. How should I connect them if I'm not using their IP?
1. Like a "normal" firewall rule ... Rule example: ClientNetwork (Site B) - CIFS - Server (Site A)
2. You have the "remote Gateway". Within "Gateway" you have to place the "contact IP" and within "Remote networks" the reachable networks.
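
The following Python script is an added example, not part of the thread and not Sophos code. It checks the relationship described in the answers above: each side's "Remote networks" must equal the other side's local networks, "Gateway" holds the peer's contact IP, and a gateway IP does not belong in the network lists. The `Site` model, its field names and all addresses are assumptions constructed for illustration; `None` as gateway stands for a side that only responds.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Site:
    name: str
    external_ip: str              # address the peer contacts
    peer_gateway: Optional[str]   # "Gateway" field; None = respond-only side
    local_networks: List[str]
    remote_networks: List[str]

def check_tunnel(a: Site, b: Site) -> List[str]:
    """Return a list of problems; an empty list means both sides mirror each other."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        peer_ip = ip_address(peer.external_ip)
        if me.peer_gateway is not None and ip_address(me.peer_gateway) != peer_ip:
            problems.append(f"{me.name}: Gateway should be {peer.external_ip}")
        mine = {ip_network(n) for n in me.remote_networks}
        theirs = {ip_network(n) for n in peer.local_networks}
        # Entries on my side that the peer does not offer as local networks
        for net in sorted(mine - theirs, key=str):
            if net.num_addresses == 1 and net.network_address == peer_ip:
                problems.append(f"{me.name}: {net} is the peer's gateway IP, not a remote network")
            else:
                problems.append(f"{me.name}: {net} is not a local network of {peer.name}")
        # Peer local networks that I cannot reach because they are not listed
        for net in sorted(theirs - mine, key=str):
            problems.append(f"{me.name}: missing remote network {net}")
    return problems

# Constructed sample values (documentation and private ranges, not from the thread)
SITE_A = Site("Site A", "192.0.2.10", None, ["10.1.0.0/24"], ["10.2.0.0/24"])
SITE_B = Site("Site B", "192.0.2.20", "192.0.2.10", ["10.2.0.0/24"], ["10.1.0.0/24"])
# Same Site A, but with Site B's gateway IP entered under "Remote networks"
SITE_A_WRONG = Site("Site A", "192.0.2.10", None, ["10.1.0.0/24"], ["192.0.2.20"])

if __name__ == "__main__":
    for label, a in (("correct", SITE_A), ("gateway IP as remote network", SITE_A_WRONG)):
        print(label, "->", check_tunnel(a, SITE_B) or "OK")
```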