I'm trying to set up an IPSec connection from a Sophos XG 85 to an Ubuntu box running libreswan. I have three subnets on each side, but I don't want them all to be able to talk to each other. For simplicity, I'll call my Sophos-side subnets A, B, and C, and my libreswan-side subnets D, E, and F. In libreswan, I have the following tunnels defined:
D <--> A
E <--> B
F <--> C
On the Sophos, I have to enter a group of subnets for each side. So I enter A, B, and C for the local subnets and D, E, and F for the remote subnets. But this results in 9 tunnels:
A <--> D
A <--> E
A <--> F
B <--> D
B <--> E
B <--> F
C <--> D
C <--> E
C <--> F
Is there any way to do what I'm trying to do on a Sophos box? Thanks in advance :)