This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Does anyone have experience doing this? Site with ER605 has CGNAT, while Sophos XG Firewall has public IP. Both has support for IPSec VPN, but I don't want all traffic to go to Sophos, just lan traffic. This will ensure better performance.
@jang430 1. IPSec site-to-site VPN will only take effect on two sites' LAN communication.
2. According to tplink instruction once the router is behind a NAT device, we have to select Aggressive Mode as Exchange Mode and select NAME as Local/Remote ID Type, otherwise, the VPN tunnel can’t be established.
Can I clarify your first answer? Meaning local internet traffic will not go through to Sophos XG firewall? If so, that will be desirable.
As for the 2nd answer, you're saying TP-Link can connect to Sophos XG Firewall, correct?
@jang430 1. Site-to-site means connecting two routers' LAN network. The VPN tunnel will be built-up on Internet.
It's not Clieent-to-LAN connection, so Internet will go through the router's own WAN.
2. I did not have the test but all brand routers IPSec should be able to work with each other.
Helpful: 0
Views: 1543
Replies: 3
No one has voted for it yet.
We use cookies and browser activity to improve your experience, personalize content and ads, and analyze how our sites are used. For more details, please read our Privacy Policy.
