Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 4269 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access share folder over SSL-VPN on another Site

itpro

Hi,

I have the following situation:

There are 2 Sites, Site A (headquarters) and Site B (branch office). Site A and B are connected together via a IPsec connection. Users who are connected to Site B via SSL-VPN (Remote) should be able to access a network share on Site A.

Is there a way to do this without adding additional networks on both Firewalls to the existing IPsec connection?

 

I thought about masking the IP address range of the SSL-VPN Remote users.

 

The sites have the following networks:

IP-Network of Site A (headquarters): 192.168.10.0/24

IP-Network of Site B (branch office): 192.168.20.0/24

IP-Network of SSL-VPN Remote that connect to Site B (branch office): 10.10.20.0/24

 

The users on Site B can only access the network share on Site A if they are in the local LAN (192.168.20.0/24).

 

How can I configure the XG on Site B so that also users who are connected via SSL-VPN to Site B can access the network share on Site A?



This thread was automatically locked due to age.
  • 0

    The easy way is to add the SSL range to the Tunnel. 

    Another way to do it is to create a firewall rule with the SSL range as source and the file server IP as destination and do a hide NAT in the rule to hide behind One IP on your office on Site B (192.168.20.x) This should work as well. But all the traffic from SSL to Fil server will then be hidden behind that IP address.

     

    //Rickard

  • 0

    I believe there is a way to do this without adding the SSL VPN pools to the tunnel but I would highly recommend you do not pursue this avenue. 

    Take a look at this KB first : https://community.sophos.com/kb/en-us/132758

    In addition to what is there, you will need to modify one of the SSL VPN pools so it does not have an overlapping network effect on your routing since you have people connecting to both firewalls using this function.