How to allow remote access users to reach another site via a Site-to-Site Tunnel

  • Article ID: 115734
  • Updated: 13 Dec 2013

This article explains how to allow remote access users to reach another site via a Site-to-Site Tunnel.

In the following example, for clarity, the Site-to-Site VPN uses IPsec and the Remote Access method is SSL VPN. Since it's more secure to have Remote Access users work with a "full" tunnel, the "Internet" object is included in the appropriate place. The items in italic and bold are the changes needed for remote users to traverse the tunnel from Site1 to Site2.

Applies to the following Sophos product(s) and version(s)

Sophos UTM Software Appliance
Sophos UTM

Note: The Sophos UTM configurations for the L2TP and PPTP Remote Access methods don't change when remote users are allowed to use a Site-to-Site tunnel. It's only necessary to make the additions to the Site-to-Site configurations and ensure that the VPN pools at the two sites are different (they must not overlap).

Site 1

Definitions:

Interface "Internal" has a subnet of 172.20.11.0/24

'Network definition' "VPN Pool (SSL)" = 10.242.2.0/24

'Network definition' "LAN at Site2" = 172.20.12.0/24

SSL VPN Remote Access:

Check 'Automatic packet filter rules'

'Local networks' = "Internal (Network)" and "LAN at Site2" and "Internet"

Site-to-site configuration:

'Remote Gateway' 'Remote Networks' = "LAN at Site2"

'IPsec Connection' 'Local Networks' = "Internal (Network)" and "VPN Pool (SSL)"


Site 2

Definitions:

Interface "Internal" has a subnet of 172.20.12.0/24

'Network definition' "VPN Pool (SSL) at Site1" = 10.242.2.0/24

'Network definition' "LAN at Site1" = 172.20.11.0/24

SSL VPN Remote Access:

If SSL VPN Remote Access is activated at Site2, it must not use the same IP pool as "VPN Pool (SSL) at Site1"

Site-to-site configuration:

'Remote Gateway' 'Remote Networks' = "LAN at Site1" and "VPN Pool (SSL) at Site1"

'IPsec Connection' 'Local Networks' = "Internal (Network)"
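The two configurations above only work when they mirror each other: the SSL pool must be a local network in Site1's IPsec connection (so client traffic is sent through the tunnel) and a remote network in Site2's connection (so replies are routed back), the Site2 LAN must be pushed to SSL clients, and any SSL pool at Site2 must not overlap Site1's. The following checker, an added example that is not part of the Sophos article, models both sites with the addresses from the article and flags each of those conditions. The dictionary layout and function names are this example's own assumptions, not a UTM export format.

```python
# Added example (not from the Sophos article): consistency checks for the
# Site1/Site2 definitions above, using only the standard ipaddress module.
from ipaddress import ip_network
from typing import Dict, List, Optional

# Constructed model of the article's settings. Keys are this example's own
# naming; the CIDR values are the ones the article gives.
SITE1: Dict = {
    "name": "Site1",
    "internal": "172.20.11.0/24",
    "ssl_pool": "10.242.2.0/24",                        # "VPN Pool (SSL)"
    "ipsec_local": ["172.20.11.0/24", "10.242.2.0/24"],  # Internal + VPN Pool (SSL)
    "ipsec_remote": ["172.20.12.0/24"],                  # LAN at Site2
    # SSL VPN 'Local networks': Internal, LAN at Site2, Internet (full tunnel)
    "ssl_local_networks": ["172.20.11.0/24", "172.20.12.0/24", "0.0.0.0/0"],
}
SITE2: Dict = {
    "name": "Site2",
    "internal": "172.20.12.0/24",
    "ssl_pool": None,                                    # SSL remote access not enabled here
    "ipsec_local": ["172.20.12.0/24"],                   # Internal
    "ipsec_remote": ["172.20.11.0/24", "10.242.2.0/24"], # LAN at Site1 + VPN Pool (SSL) at Site1
    "ssl_local_networks": [],
}


def nets(cidrs: List[str]):
    return {ip_network(c) for c in cidrs}


def check_selector_symmetry(a: Dict, b: Dict) -> List[str]:
    """Each side's IPsec local networks must equal the peer's remote networks,
    otherwise the traffic selectors will not match during negotiation."""
    problems = []
    if nets(a["ipsec_local"]) != nets(b["ipsec_remote"]):
        problems.append(f"{a['name']} local networks differ from {b['name']} remote networks")
    if nets(b["ipsec_local"]) != nets(a["ipsec_remote"]):
        problems.append(f"{b['name']} local networks differ from {a['name']} remote networks")
    return problems


def check_pool_reaches_peer(a: Dict, b: Dict) -> List[str]:
    """Remote-access clients of site a must be able to reach site b's LAN."""
    problems = []
    if not a["ssl_pool"]:
        return problems
    pool = ip_network(a["ssl_pool"])
    peer_lan = ip_network(b["internal"])
    # Pool must be covered by a's IPsec local networks (traffic enters the tunnel).
    if not any(pool.subnet_of(n) for n in nets(a["ipsec_local"])):
        problems.append(f"{a['name']} SSL pool is not an IPsec local network")
    # Pool must be covered by b's IPsec remote networks (replies are routed back).
    if not any(pool.subnet_of(n) for n in nets(b["ipsec_remote"])):
        problems.append(f"{a['name']} SSL pool is not an IPsec remote network at {b['name']}")
    # b's LAN must be among the networks pushed to SSL clients.
    if not any(peer_lan.subnet_of(n) for n in nets(a["ssl_local_networks"])):
        problems.append(f"{b['name']} LAN is not in {a['name']} SSL VPN local networks")
    return problems


def check_pools_disjoint(a: Dict, b: Dict) -> List[str]:
    """If both sites hand out SSL pools, the pools must not overlap."""
    if a["ssl_pool"] and b["ssl_pool"]:
        if ip_network(a["ssl_pool"]).overlaps(ip_network(b["ssl_pool"])):
            return [f"SSL pools at {a['name']} and {b['name']} overlap"]
    return []


def check_site_pair(a: Dict, b: Dict) -> List[str]:
    """Run every check; an empty list means the pair is consistent."""
    return (check_selector_symmetry(a, b)
            + check_pool_reaches_peer(a, b)
            + check_pool_reaches_peer(b, a)
            + check_pools_disjoint(a, b))


if __name__ == "__main__":
    for p in check_site_pair(SITE1, SITE2) or ["configuration is consistent"]:
        print(p)
```

Running the block against the article's values reports no problems; re-running it after removing "VPN Pool (SSL)" from Site1's IPsec local networks, or after giving Site2 the same 10.242.2.0/24 pool, produces the corresponding finding.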



Attribution:

This article was submitted by Robert H. Alfson (Bob), MediaSoft Inc.

If you need more information or guidance, then please contact technical support.
