XG in Azure SSL VPN no access to Azure VMs

Dear all,

we have an issue with an XG in Azure: Remote users can connect via SSL VPN Client but they cannot reach any Azure VM in the virtual network behind the XG. We can reach the IP addresses on Port B (WAN) and also Port A (LAN), e.g. ping, user or admin portal but that's it.

I think it can't be an Azure routing problem which is addressed here: https://community.sophos.com/products/xg-firewall/f/vpn/84307/site-to-site-ssl-azure-rm. Because the Azure XG is connected through an IPSec site2Site VPN to an on premise Sophos XG. All working fine, on prem VMs and Azure VMs are connected, DNS is working, a second DC in Azure is synchronizing the AD without problems, users can use RDP from on prem to azure and vice versa etc. All fine!

Also we deployed the Sophos XG in Azure according to the Reference architecture deployment guide that also deals with the necessary UDR in Azure routing tables.
https://community.sophos.com/kb/en-us/128102

And we know how to configure/use SSL VPN because we use SSL VPN also for the on prem Sophos XG. No problem to use RDP through the SSL VPN tunnel to work remotely on Windows VMs in the local network.

Anyone who is using Sophos XG in Azure and who works remotely on Azure VMs through an SSL VPN tunnel?

Any help or idea is appreciated.

Cheers
Dirk



This thread was automatically locked due to age.
  • Our company hosts our customer workloads in Azure, each customer sitting behind their own XG so I have a lot of experience with XG in Azure.  Do you have a UDR (User Defined Route) table in Azure defined that is directing all Azure traffic to the Azure Sophos XG?  I wonder if an existing UDR is only covering your on prem networks and not the SSL-VPN IP pool?  In that case, return traffic is leaving the VMs and going out into the Azure ether instead of back to the Sophos.  The other thought would be NSGs that are blocking the SSL-VPN IP pool.  Those are two quick things that come to mind.

  • Hi NateP,

    thanks for your reply. Especially the tip related to the UDR that must cover also the SSL-VPN pool sounds relevant. I will check your hints soon and revert with the results.

    Dirk
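
The UDR and NSG checks suggested in the reply above, as an added example that is not part of the original thread: it applies Azure's longest-prefix route selection to a simplified effective route table and reports where a VM's reply to an SSL VPN client would be sent. All addresses, the route list layout and the function names are constructed assumptions, and the NSG check assumes allow rules written as plain CIDR sources.

```python
import ipaddress

# All addresses and names are constructed sample values, not from the thread.
XG_LAN_IP = "10.1.1.4"            # assumed Port A address of the Azure XG
SSL_VPN_POOL = "10.81.234.0/24"   # assumed SSL VPN client lease range

# Simplified effective routes for a VM subnet: Azure system defaults plus a UDR
# that only covers the on-prem network reached over the IPsec tunnel.
ROUTES = [
    {"source": "Default", "prefix": "10.1.0.0/16",    "hop": "VnetLocal",        "ip": None},
    {"source": "Default", "prefix": "0.0.0.0/0",      "hop": "Internet",         "ip": None},
    {"source": "Default", "prefix": "10.0.0.0/8",     "hop": "None",             "ip": None},
    {"source": "User",    "prefix": "192.168.0.0/16", "hop": "VirtualAppliance", "ip": XG_LAN_IP},
]

# Same table after adding a UDR for the SSL VPN pool that points at the XG.
FIXED_ROUTES = ROUTES + [
    {"source": "User", "prefix": SSL_VPN_POOL, "hop": "VirtualAppliance", "ip": XG_LAN_IP},
]

def select_route(dest, routes):
    """Longest-prefix match over routes covering all of dest; a user route wins a tie."""
    dest = ipaddress.ip_network(dest)
    covering = [r for r in routes if dest.subnet_of(ipaddress.ip_network(r["prefix"]))]
    return max(covering,
               key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen, r["source"] == "User"),
               default=None)

def return_path_ok(pool, routes, xg_ip):
    """True when replies to the VPN pool are handed to the XG as a virtual appliance."""
    r = select_route(pool, routes)
    return r is not None and r["hop"] == "VirtualAppliance" and r["ip"] == xg_ip

def nsg_allows(pool, allowed_sources):
    """True when some NSG allow-rule source prefix contains the whole VPN pool."""
    pool = ipaddress.ip_network(pool)
    return any(pool.subnet_of(ipaddress.ip_network(p)) for p in allowed_sources)

if __name__ == "__main__":
    for label, table in (("current", ROUTES), ("with pool UDR", FIXED_ROUTES)):
        chosen = select_route(SSL_VPN_POOL, table)
        ok = return_path_ok(SSL_VPN_POOL, table, XG_LAN_IP)
        print(f"{label}: {chosen['prefix']} -> {chosen['hop']} return_path_ok={ok}")
    print("NSG allows pool:", nsg_allows(SSL_VPN_POOL, ["10.1.0.0/16", "192.168.0.0/16"]))
```

With the sample table, on-prem traffic returns through the XG while replies to the VPN pool match the system 10.0.0.0/8 route and are dropped, which matches the symptom of a working site-to-site tunnel and unreachable VMs over SSL VPN.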
