
XG in Azure SSL VPN no access to Azure VMs

Dear all,

we have an issue with an XG in Azure: Remote users can connect via SSL VPN Client but they cannot reach any Azure VM in the virtual network behind the XG. We can reach the IP addresses on Port B (WAN) and also Port A (LAN), e.g. ping, user or admin portal, but that's it.

I think it can't be an Azure routing problem which is addressed here: https://community.sophos.com/products/xg-firewall/f/vpn/84307/site-to-site-ssl-azure-rm, because the Azure XG is connected through an IPsec site-to-site VPN to an on-premises Sophos XG. All working fine, on-prem VMs and Azure VMs are connected, DNS is working, a second DC in Azure is synchronizing the AD without problems, users can use RDP from on prem to Azure and vice versa etc. All fine!

Also we deployed the Sophos XG in Azure according to the Reference architecture deployment guide that also deals with the necessary UDR in Azure routing tables.
https://community.sophos.com/kb/en-us/128102

And we know how to configure/use SSL VPN because we also use SSL VPN for the on-prem Sophos XG. No problem to use RDP through the SSL VPN tunnel to work remotely on Windows VMs in the local network.

Is anyone using Sophos XG in Azure and working remotely on Azure VMs through an SSL VPN tunnel?

Any help or idea is appreciated.

Cheers
Dirk



This thread was automatically locked due to age.
  • Hi  

    What are you able to observe when you perform a packet capture for this attempted connection?

    Have you configured the required firewall rules and ACLs for this traffic? Any local firewall enabled on the Azure VM client?


    Florentino
    Director, Global Community & Digital Support

  • Hi FloSupport,

    I am sorry, but I wasn't able to perform the packet capture help yet because I re-checked all NSGs and route tables on Azure today. But related to your hints I have a question:

    I am 100 % sure that SSL VPN is OK, because if the connection is established, I can access the admin portal of the XG via the private Azure IP address. Additionally, I know how SSL VPN with XG works, because the SSL VPN to the on-prem XG works as required, RDP to Windows VMs in the on-prem network is no problem.

    With the above observations, would the packet checker help? I am not familiar with it, but if you say I should use it, I will do. Thanks for your efforts!

    Cheers Dirk
