
Domain authentication over IPSEC

Situation: We have 2 sites, each with a Sophos XG, connected to each other using the IPsec policies Head office and Branch office. Both firewalls have 2 rules set up allowing VPN traffic to LAN and LAN traffic to VPN.

I'm able to ping and able to use the RDP host on the Head Office.

Clients are Windows 7 PCs; some are domain joined and have been moved to the branch office but won't connect to the domain (users are able to log in with last known credentials; however, the client won't receive a newly set password, for example).

What I want to achieve: having a domain joined PC at the branch office able to authenticate with the head office.

What have I already tried? Both Sophos firewalls are set up to be integrated with the AD using this guide: https://community.sophos.com/kb/en-us/123155 I then followed this guide https://community.sophos.com/kb/en-us/123334 to make changes to the branch office. However, I always have the feeling Sophos articles leave stuff out; for example, does the VPN connection need to be re-initiated after those commands? (Haven't tried it yet because people are now working on the network.)

Are there other settings that I need? For example, does the DNS of the client need to point to the AD server as a secondary IP, or does the FQDN need to be entered as a DNS host entry in the branch office Sophos XG?

AD server: 192.168.56.1
Sophos HO: 192.168.56.250
Sophos BO: 192.168.1.1

Commands entered:

system ipsec_route add host 192.168.56.1 tunnelname SF_BO_TO_SF_HO

set advanced-firewall sys-traffic-nat add destination 192.168.56.1 snatip 192.168.1.1
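
A check run from a branch-office client, added here as an example and not part of the original post: it lists the DNS servers the client actually uses, queries the DC locator SRV record, tests the AD service ports against the AD server given in the post (192.168.56.1) through the tunnel, and asks Netlogon to locate a DC. The domain name corp.example is a placeholder assumption; it is written for the PowerShell 2.0 that ships with Windows 7, so it avoids newer cmdlets.

```powershell
# Branch-office domain-join connectivity check (added example, PowerShell 2.0 compatible).
$Domain = 'corp.example'   # placeholder: replace with the real AD DNS domain name
$DC     = '192.168.56.1'   # AD server at the head office, as in the post

function Test-TcpPort {
    # Returns $true if a TCP connection to $Target:$Port succeeds within the timeout.
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Which DNS servers does the client use? The DC locator relies on SRV records in the
#    AD zone, so a branch client needs the AD DNS server (or a forwarder to it) in this list.
Write-Host "== Client DNS servers =="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" |
    Select-Object Description, DNSServerSearchOrder | Format-List

# 2. Does the configured DNS resolve the DC locator record for the domain?
Write-Host "== DC locator SRV record =="
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"

# 3. Are the AD service ports reachable through the IPsec tunnel? A blocked port here
#    points at the VPN firewall rules or the ipsec_route/SNAT entries rather than at DNS.
#    (Password changes and group policy also need RPC dynamic ports 49152-65535 to the DC.)
Write-Host "== AD service ports on $DC =="
$ports = @{ 'DNS' = 53; 'Kerberos' = 88; 'RPC endpoint mapper' = 135;
            'LDAP' = 389; 'SMB' = 445; 'Global Catalog' = 3268 }
foreach ($name in $ports.Keys) {
    $ok = Test-TcpPort -Target $DC -Port $ports[$name]
    "{0,-20} {1,5}  {2}" -f $name, $ports[$name], $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# 4. Ask the Netlogon DC locator itself; /force bypasses the cached DC from the last logon.
Write-Host "== Netlogon DC locator =="
nltest /dsgetdc:$Domain /force
```

If step 2 fails but step 3 shows port 53 open, the client's DNS list is the problem; if step 3 shows ports blocked while ping works, the tunnel carries ICMP but the VPN-to-LAN rules or the route/SNAT entries are not passing the AD traffic.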