This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connecting to intranet sites hosted over IPSEC VPN when web filtering is on.

Hi There,
I manage a branch office, and was having trouble connecting to websites hosted by the head office (over an IPSEC VPN) when web filtering is on.

Branch office running UTM9 is connected to IPSEC to head office (not sure of their equipment) and the websites are hosted at HO.


The UTM uses Branch office Domain Controller for DNS. Branch office DNS has a conditional forwarder to the internal IP of Head Office DNS.
So intranet addresses such as intranet.mycompany.com are resolved at head office. Clients resolve intranet addresses okay, and the UTM, on the command line resolve intranet addresses okay.

It just cant seem to route to them. On the command line the UTM seems not to know about the IPSEC VPN.
Doing a traceroute to the intranet IPs on the UTM command line looks like it goes out to the general internet, and not over the VPN. When using the UTM as a proxy the clients get timeouts for intranet addresses (not surprising since the command line cant access them either)

So how can I force web filtering traffic for the intranet sites over the IPSEC VPN? (I dont want to force all traffic) I thought about a static route, but the IPSEC doesn't appear as an interface or anything in the Static Route section and I am a little hazy on an Interface route vs a gateway route.

Any ideas would be helpful.
Thanks



This thread was automatically locked due to age.
Parents
  • Hi,

    To do that configure a Static DNS entry in the UTM for intranet.com and configure UTM'S IP address as the DNS server for branch office endpoint. This will route the traffic for intranet website through the IPSEC tunnel. 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • Hi,

    To do that configure a Static DNS entry in the UTM for intranet.com and configure UTM'S IP address as the DNS server for branch office endpoint. This will route the traffic for intranet website through the IPSEC tunnel. 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data