
How to route traffic to CMC gateway

Purpose:

Routing important traffic.

Source: Attune Middleware Server, Laboratory PC, Ultrasound/X-ray PC

Destination:
sapoche.vn

lis-diag.attunelive.net

Gateway: CMC (42.96.44.206)

Requirement:

XGS3300 hardware appliance with at least base license


Virtual Appliance with home license

Infrastructure at CMC with high-speed internet, static IP

How to do this?

Step 1: Setup VPN tunnel:


Login to Sophos Web admin GUI → Configure → Site-to-site VPN
Step 1.1: Configuration at XGS 3300
Connection type: Tunnel interface

Gateway type: Response Only


Profile: IKEV2

Authentication type: Preshared key (input key like 123456a@)


Listening interface: Port2 - 171.244.184.49

Remote gateway: 42.96.44.206


Local ID type: IP address

Local ID: 171.244.184.49


Remote ID type: IP address
Remote ID: 172.66.16.254
Step 1.2: Configuration at VSFW-01
Connection type: Tunnel interface
Gateway type: Initiate the connection

Profile: IKEV2

Authentication type: Preshared key (input key like 123456a@)


Listening interface: Port1 - 172.66.16.254

Remote gateway: 171.244.184.49

Local ID type: IP address

Local ID: 172.66.16.254


Remote ID type: IP address

Remote ID: 171.244.184.49
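
Before checking the result in Step 1.3, the two sides from Steps 1.1 and 1.2 can be compared field by field. The script below is an added example, not part of the original guide or of Sophos tooling: the dictionary keys, the "respond"/"initiate" shorthand and the 20-character minimum key length are assumptions made for illustration, and the values are transcribed from the two steps above.

```python
# Values transcribed from Step 1.1 and Step 1.2; "psk" is the guide's sample key.
# Key names and the "respond"/"initiate" shorthand are hypothetical.
XGS = {"name": "XGS 3300", "gateway_type": "respond", "profile": "IKEV2",
       "psk": "123456a@", "remote_gateway": "42.96.44.206",
       "local_id": "171.244.184.49", "remote_id": "172.66.16.254"}
VSFW = {"name": "VSFW-01", "gateway_type": "initiate", "profile": "IKEV2",
        "psk": "123456a@", "remote_gateway": "171.244.184.49",
        "local_id": "172.66.16.254", "remote_id": "171.244.184.49"}

MIN_PSK_LEN = 20  # assumed local policy, not a Sophos requirement


def weak_psk(psk):
    """True if the key is short or uses fewer than three character classes."""
    classes = [any(c.islower() for c in psk), any(c.isupper() for c in psk),
               any(c.isdigit() for c in psk), any(not c.isalnum() for c in psk)]
    return len(psk) < MIN_PSK_LEN or sum(classes) < 3


def check_pair(a, b):
    """Return findings for two tunnel endpoints that should mirror each other."""
    findings = []
    if a["profile"] != b["profile"]:
        findings.append("IPsec profile differs between peers")
    if a["psk"] != b["psk"]:
        findings.append("preshared key differs between peers")
    elif weak_psk(a["psk"]):
        findings.append("preshared key is weak")
    if {a["gateway_type"], b["gateway_type"]} != {"respond", "initiate"}:
        findings.append("need exactly one initiator and one responder")
    for x, y in ((a, b), (b, a)):
        # Each side's remote ID must equal the ID the other side presents.
        if x["remote_id"] != y["local_id"]:
            findings.append(f"{x['name']} remote ID != {y['name']} local ID")
        # Informational: the peer is dialled at an address other than its ID.
        if x["remote_gateway"] != y["local_id"]:
            findings.append(f"{x['name']} reaches {y['name']} at "
                            f"{x['remote_gateway']}, not at its ID {y['local_id']}")
    return findings


if __name__ == "__main__":
    for finding in check_pair(XGS, VSFW):
        print(finding)
```

With the values from the guide, the IDs mirror correctly; the script reports the sample preshared key as weak and notes that XGS 3300 reaches VSFW-01 at 42.96.44.206 while VSFW-01 identifies itself as 172.66.16.254.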


Step 1.3: Check result
At XGS 3300:

At VSFW-01:

Step 2: Configure tunnel interface

Requirement: IPsec tunnel interface at step 1 established successfully


Step 2.1: At Sophos Web admin GUI → Configure → Network → Interfaces → Expand Port → Click on the virtual tunnel interface
At XGS 3300

At VSFW-01
Step 2.2: Set Up IP address for tunnel interfaces:
At XGS 3300

At VSFW-01

Step 3: Create Firewall rule allow traffic and configure SDWAN-routing


Step 3.1: Create Firewall rule with NAT rule
At VSFW-01:
Sophos Web admin GUI → PROTECT → Rules and policies → Firewall Rules
Sophos Web admin GUI → PROTECT → Rules and policies → NAT rules

Step 3.2: Configure SDWAN-Routing


At XGS 3300:
Create Gateway CMC:
Sophos Web admin GUI → CONFIGURE → Routing → Gateways → Add

Configure SD-WAN route


Sophos Web admin GUI → CONFIGURE → Routing → SD-WAN route → Add
Result
