IPsec VPN with VMWare NSX at hub and Sophos XG On Spoke Networks So Spokes See Each Other
I have 13 IPSec VPNs that are set up and working on a VMWare NSX Edge. The remote sites are all Sophos XG Firewalls. They used to connect to a Sophos firewall. In the earlier scenario, there was a VPN to VPN rule that joined all the Sophos IP Sec connections together in a hub and spoke network design. One could see devices between Atlanta to Orlando, for example.
Now I have them all connected successfully to the VMWare NSX Edge firewall. I have 2 rules for each location on the NSX. For example, NSX to Atlanta and the reciprocal Atlanta to NSX.
I'd like for traffic to be seen from one location, like Atlanta, through the NSX Edge to Orlando.
On each Sophos connection to the Edge, I've added the remote networks I'd like to add to the Edge connection.
In the previous all Sophos configuration, at the "hub" Sophos, a rule of VPN to VPN was in place to make this happen.
But I think I'm missing something on the NSX Edge to allow for Atlanta to "see" Orlando.
I have added reciprocal rules of Atlanta to Orlando and vice versa on the NSX but that is not working.
Now I have them all connected successfully to the VMWare NSX Edge firewall. I have 2 rules for each location on the NSX. For example, NSX to Atlanta and the reciprocal Atlanta to NSX.
I'd like for traffic to be seen from one location, like Atlanta, through the NSX Edge to Orlando.
On each Sophos connection to the Edge, I've added the remote networks I'd like to add to the Edge connection.
In the previous all Sophos configuration, at the "hub" Sophos, a rule of VPN to VPN was in place to make this happen.
But I think I'm missing something on the NSX Edge to allow for Atlanta to "see" Orlando.
I have added reciprocal rules of Atlanta to Orlando and vice versa on the NSX but that is not working.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER