
Can't access some LAN devices on SSL VPN

Hello, 

I have some devices (security cameras) blocked from being able to access the WAN to protect them from being hacked and for privacy. That being said, I can access them when I am home on the WIFI LAN network just fine, but I also want to access them while I am away.

So I set up SSL VPN on my phone using OpenVPN and gave it access to the local LAN. So basically I have to VPN into the house network to be able to look at my cameras.

Now I set it all up and I can access some devices on the LAN, like my two Network Video Recorders, just fine, but I cannot access the individual cameras while on VPN. I can access them while I am on the LAN network but not from VPN.

Any idea as to what this could be and how to fix it?



  • I ran into this issue today. I have SSLVPN set up to access my home LAN. I also 'break-out' to the internet from the internet at home when connected to the VPN.

    Today, I created a couple of VLANs and moved some IoT devices over to them (DMZ Zone in Sophos).

    1. The IoT devices/DMZ is configured to access the internet - confirmed works fine.
    2. Have also configured the LAN to be able to access the DMZ zone and that works fine too.
    3. Traffic from DMZ to LAN is blocked - confirmed works fine.

    The only thing I can't get to work is when I am connected to the SSL VPN - I can't reach the DMZ. To ensure I didn't miss out anything:

    1. I went to SSL VPN under the VPN tab and in the VPN profile, and added the DMZ IP subnets to the Permitted Network Resources (IPv4).
    2. I went to the firewall policy and allowed communication from VPN to these DMZ Networks. I have tried a combination of using the exact VPN subnets and exact IPs of the IoT devices and it still wouldn't work.

    Observations 

    1. My VPN IP range is 10.81.234.5 - 10.81.234.255. When I connect the VPN on my laptop, I get an IP, say .6. From my laptop I am unable to ping the .6 (very strange!!!) and not even .5 (which is the SSL VPN server IP per Sophos). I can ping the LAN IP of the firewall though and then go on to the internet through my home internet. This isn't a problem but I am intrigued by why I am not able to ping a locally confirmed IP.
    2. When connected to the VPN, I am able to ping the gateway IPs of the VLANs (the gateway of the IoT devices). I trace this ability to step #1 highlighted in blue (when I add the DMZ subnets). So when I add the subnet definition, the ping to the VLAN gateway goes through.

    Any pointers will be appreciated. 

    PS: This is solved.  Read my answer below.

  • Hi,

    can you post some screenshots of your Config? 

     

  • At the expense of sounding like a total idiot, I managed to get this working. I did a couple of things:

    1. I redid all my network definitions (the DMZ Subnet ranges under Hosts and Services)

    2. I regenerated the SSL profile for the user. I read it here - 

    I don't know which one solved the issue, but I suspect it's #1. I have a laptop that has the old SSL profile on it - don't have access to it now. But tomorrow I am going to try to use that to access the network. If it works, then the problem was my definition of the DMZ subnet range.

    Thank you Sophos !!

     

    Edit 

    It was me!! The old SSLVPN profile connects and has access to the DMZ zone. So for me #1 was the problem.
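
Since the fix in this thread came down to the DMZ subnet definitions, a quick offline check of such definitions can save a rebuild. The following is an added example, not part of the original posts and not Sophos tooling: it assumes the definitions are copied out by hand as CIDR or "start - end" strings, and all names and DMZ addresses are constructed (only the VPN range is the one quoted above).

```python
import ipaddress

def parse_definition(text):
    """Return (networks, problem) for a CIDR or 'start - end' definition."""
    text = text.strip()
    try:
        if "-" in text:
            start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
            if start > end:
                return [], "range start is above range end"
            return list(ipaddress.summarize_address_range(start, end)), None
        # strict=True rejects a host address typed as a network, e.g. 192.168.30.1/24
        return [ipaddress.ip_network(text, strict=True)], None
    except (ValueError, TypeError) as exc:
        return [], str(exc)

def audit(definitions, devices):
    """Flag malformed definitions and devices that no valid definition covers."""
    findings, parsed = [], {}
    for name, text in definitions.items():
        nets, problem = parse_definition(text)
        if problem:
            findings.append(f"definition {name!r} ({text}): {problem}")
        parsed[name] = nets
    for dev, ip in devices.items():
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for nets in parsed.values() for net in nets):
            findings.append(f"device {dev!r} ({ip}): not covered by any definition")
    return findings

# Constructed sample data (hypothetical names and DMZ addressing).
DEFINITIONS = {
    "DMZ_IoT_VLAN30": "192.168.30.1/24",           # host bits set: not a network
    "DMZ_IoT_VLAN40": "192.168.40.0/28",           # too narrow for camera-2
    "SSLVPN_pool": "10.81.234.5 - 10.81.234.255",  # range quoted in the thread
}
DEVICES = {
    "camera-1": "192.168.30.21",
    "camera-2": "192.168.40.35",
    "vpn-laptop": "10.81.234.6",
}

if __name__ == "__main__":
    for line in audit(DEFINITIONS, DEVICES):
        print(line)
```

A device that shows up as "not covered" here would also be missing from any Permitted Network Resources list or firewall rule built from the same definitions.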