Configuring an existing IPSec tunnel to send all traffic to a central UTM

  • Article ID: 115661
  • Updated: 06 Nov 2015

This article describes how to change an existing site-to-site IPSec tunnel to a 'full' tunnel in which all traffic is sent from a remote site through the central UTM.

This configuration will allow central monitoring of all traffic from the remote site at the central office UTM.

Known to apply to the following Sophos product(s) and version(s)
Sophos UTM

What To Do

Remote office settings:

On the UTM at the remote site:

  1. Navigate to Site-to-site VPN | IPsec | Remote Gateways.
  2. On the defined remote gateway for the central office, click 'Edit'.
  3. Change the 'Remote Networks' box to only contain the network 'Any'.
  4. Click 'Save'.

Central office settings:

On the UTM at the central office:

  1. Navigate to Site-to-site VPN | IPsec | Connections.
  2. On the defined local connection for the remote site, click 'Edit'.
  3. Set 'Local Networks' to only contain 'Any'.
  4. Click 'Save'.

Additional configuration notes:

  • All traffic from the remote office will now be sent to the central office UTM. As a result, any configured NAT rules, Firewall rules, Web Protection settings, or other services such as DNS, DHCP, IPS, etc. may need to be modified to include a definition for the remote network, so that it is allowed out to the Internet or can access local resources.
  • In order to access the Internet, a Masquerading rule will also need to be configured for the remote network.
  • For small branch offices using this centralized configuration, Sophos also offers the RED appliance as a cost-effective solution for centralized remote network management.
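
The effect of the two changes above can be modelled offline. The following Python sketch is an added example, not Sophos code: it treats 'Any' as 0.0.0.0/0, uses constructed addresses for both LANs, and assumes both gateways must hold mirrored network selectors for the tunnel to come up. It reports which destinations enter the tunnel and which flows depend on the Masquerading rule.

```python
import ipaddress

# Constructed sample networks; replace with your own definitions.
ANY = ipaddress.ip_network("0.0.0.0/0")               # models the 'Any' network object
BRANCH_LAN = ipaddress.ip_network("192.168.20.0/24")  # remote-site LAN (constructed)
CENTRAL_LAN = ipaddress.ip_network("10.10.0.0/16")    # central-office LAN (constructed)

def via_tunnel(dst, remote_networks):
    """True if dst matches one of the branch gateway's 'Remote Networks'."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in remote_networks)

def selectors_mirror(branch_remote, central_local):
    """Assumption: branch 'Remote Networks' must equal central 'Local Networks'."""
    return set(branch_remote) == set(central_local)

def needs_masquerade(src, dst):
    """Branch LAN traffic that leaves the central UTM for a non-internal address."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return s in BRANCH_LAN and d not in CENTRAL_LAN and d not in BRANCH_LAN

def report(branch_remote, central_local, flows):
    """Return (selectors match?, [(dst, tunnelled, needs masquerading), ...])."""
    rows = []
    for src, dst in flows:
        tunnelled = via_tunnel(dst, branch_remote)
        rows.append((dst, tunnelled, tunnelled and needs_masquerade(src, dst)))
    return selectors_mirror(branch_remote, central_local), rows

# Constructed flows from one branch host: a central server and an Internet host.
FLOWS = [("192.168.20.15", "10.10.4.20"), ("192.168.20.15", "203.0.113.10")]

if __name__ == "__main__":
    cases = [
        ("split tunnel (before)", [CENTRAL_LAN], [CENTRAL_LAN]),
        ("full tunnel (after)", [ANY], [ANY]),
        ("only remote site changed", [ANY], [CENTRAL_LAN]),
    ]
    for label, branch_remote, central_local in cases:
        print(label, report(branch_remote, central_local, FLOWS))
```

The third case shows why both procedures have to be completed: with only the remote site changed, the two ends no longer describe the same networks.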

If you need more information or guidance, then please contact technical support.
