This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN: Access to SSL Client side

There is an SSL VPN client connection to a Sophos XG Firewall. The connection is fine. From the client side I get access to the XG Firewall local LAN. Now I also need access from the XG Firewall local LAN to the client LAN.

I have two Firewall Rules.

- VPN to LAN
- LAN to VPN

What else do I need?

Thanks, community.



  • Marcel,

    Did you follow this KB?

    https://community.sophos.com/kb/en-us/122769

    You only need VPN to LAN and not vice-versa.

    Regards

  • Yes, I followed exactly this KB. As I said, access from the client LAN to the local LAN (XG side) is possible. But I also need access from the local LAN to the client LAN.

  • Marcel,

    Can you explain a bit better? Do you need to access a lan that is behind a S2S vpn?

  • Ok. Let's try to explain.

    ---------------------------------------   VPN SSL Connection   ------------------------------------------
    | SSL VPN Client, LAN 192.168.75.0/24 | <--------------------> | XG Firewall, local LAN 192.168.11.0/24 |
    ---------------------------------------                        ------------------------------------------

    Access from Client LAN to XG Firewall local LAN is ok.

    MANAGEMENT: >STATE:1580996743,CONNECTED,SUCCESS,10.81.234.6,46.14.83.102,8443,192.168.75.223,58254

    Ping wird ausgeführt für 192.168.11.101 mit 32 Bytes Daten:
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127

    Ping-Statistik für 192.168.11.101:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),
    Ca. Zeitangaben in Millisek.:
    Minimum = 21ms, Maximum = 21ms, Mittelwert = 21ms

     

    But I don't have access from the XG Firewall local LAN to the VPN client LAN.

     

    Ping wird ausgeführt für 10.81.234.6 mit 32 Bytes Daten:
    Zeitüberschreitung der Anforderung.

    Ping-Statistik für 10.81.234.6:
    Pakete: Gesendet = 1, Empfangen = 0, Verloren = 1
    (100% Verlust)

    or 

    Ping wird ausgeführt für 192.168.75.5 mit 32 Bytes Daten:
    Zeitüberschreitung der Anforderung.
    Zeitüberschreitung der Anforderung.
    Zeitüberschreitung der Anforderung.

    Ping-Statistik für 192.168.75.5:
    Pakete: Gesendet = 3, Empfangen = 0, Verloren = 3
    (100% Verlust)

  • Thanks for the info.

    Where are you executing the ping command?

  • Hi  

    Please log in to the device via SSH, select option 4 (Device console), and execute the command

    tcpdump 'host <IPaddress of the SSL VPN client>'

    Initiate the traffic and share the output

  • Both sides. I wanted to show you that the ping is working from the client side to the XG LAN side, but not from the XG LAN side to the client side.
