
Remote SSL VPN to IPSEC Site2Site VPNs

Have set up SSL Remote VPN

Connects fine and is able to access the LAN of the XG

 

What I want to achieve is to be able to access IPSEC VPNs to other remote LANs via the XG.

 

I have tried setting the VPN settings to use as default gateway and adding each subnet manually, to no avail.

I have tried to put in a MASQ firewall rule so that, from the Remote SSL VPN subnet to remote subnet X, the source is changed to the XTM LAN IP, to no avail too.

 

How can this be achieved? Have managed this on WatchGuards and Sophos UTM9 in the past without any issues but the XG seems to be limited.

 

Example

Sophos XG Remote SSL VPN       10.81.234.0/24

Sophos XG LAN                  172.16.1.0/24

Sophos IPSEC to remote Site    192.168.1.0/24

 

Sophos SSL VPN user able to reach 192.168.1.0/24 subnet

 

Thanks in advance,

Danny

 



  • Tried this,

     

    SSL DialIn VPN: 10.81.234.0/24

    LAN: 192.168.1.0/24

    Remote: 192.168.2.0

    Added in the Site2Site IPSEC Tunnel.

    VPN OUT

    Local               Remote
    192.168.1.0/24      192.168.2.0/24
    10.81.234.0/24

    VPN In

    Local               Remote
    192.168.2.0/24      192.168.1.0/24
                        10.81.234.0/24

    The tunnels connect but don't route the local subnet (amber)

     

     

  • Sorry for the late reply Danny.

    Do you have a support license with Sophos? It may be easier to get access and take a closer look.

  • Yes I do.

     

    I have added the permitted remote network in the VPN Settings on the Sophos XG

    Then in the Site2Site IPSEC tunnel added the SSL Dial In Subnet in the local

     

    Remote Site

    Added in the SSL Dial in Subnet for in remote.

     

    Tunnel establishes but the status shows as yellow on the Sophos XG; checking it reports an issue with the SSL Dial In subnet added.

     

    Got to be the Sophos XG

    Works fine on a SG

     

    And it's as if it doesn't know its own DialIn SSL subnet.