SSL VPN: Access to SSL Client side

There is an SSL VPN client connection to a Sophos XG Firewall. The connection is fine. From the client side I get access to the XG Firewall local LAN. Now I also need access from the XG Firewall local LAN to the client LAN.

I have two Firewall Rules.

- VPN to LAN
- LAN to VPN

What else do I need?

Thanks, community.

  • Marcel,

    Did you follow this KB?

    https://community.sophos.com/kb/en-us/122769

    You only need VPN to LAN and not vice-versa.

    Regards

  • Yes, I followed exactly this KB. As I said, access from the client LAN to the local LAN (XG side) is possible. But I also need access from the local LAN to the client LAN.

  • Marcel,

    Can you explain a bit better? Do you need to access a LAN that is behind an S2S VPN?

  • Ok. Let's try to explain.

    ---------------------------------------    VPN SSL Connection    ------------------------------------------
    | SSL VPN Client, LAN 192.168.75.0/24 | <----------------------> | XG Firewall, local LAN 192.168.11.0/24 |
    ---------------------------------------                           ------------------------------------------

    Access from Client LAN to XG Firewall local LAN is ok.

    MANAGEMENT: >STATE:1580996743,CONNECTED,SUCCESS,10.81.234.6,46.14.83.102,8443,192.168.75.223,58254

    Ping wird ausgeführt für 192.168.11.101 mit 32 Bytes Daten:
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127
    Antwort von 192.168.11.101: Bytes=32 Zeit=21ms TTL=127

    Ping-Statistik für 192.168.11.101:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),
    Ca. Zeitangaben in Millisek.:
    Minimum = 21ms, Maximum = 21ms, Mittelwert = 21ms

     

    But I don't have access from the XG Firewall local LAN to the VPN client LAN.

     

    Ping wird ausgeführt für 10.81.234.6 mit 32 Bytes Daten:
    Zeitüberschreitung der Anforderung.

    Ping-Statistik für 10.81.234.6:
    Pakete: Gesendet = 1, Empfangen = 0, Verloren = 1
    (100% Verlust)

    or 

    Ping wird ausgeführt für 192.168.75.5 mit 32 Bytes Daten:
    Zeitüberschreitung der Anforderung.
    Zeitüberschreitung der Anforderung.
    Zeitüberschreitung der Anforderung.

    Ping-Statistik für 192.168.75.5:
    Pakete: Gesendet = 3, Empfangen = 0, Verloren = 3
    (100% Verlust)

  • Thanks for the info.

    Where are you executing the ping command?

  • Hi  

    Please log in to the device via SSH, select option 4. Device console, and execute the command

    tcpdump 'host <IP address of the SSL VPN client>'

    Initiate the traffic and share the output.

  • Both sides. I wanted to show you that the ping is working from the client side to the XG LAN side, but not from the XG LAN side to the client side.

  • Here is the tcpdump result:

    console> console> tcpdump 'host 192.168.75.223'
    % Error: Unknown Parameter 'console>'
    console> tcpdump: Starting Packet Dump
    % Error: Unknown Parameter 'tcpdump:'
    request, id 1, seq 211, length 40.38 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:23.222963'
    equest, i d 1, seq 211, length 40.38 > 192.168.75.223: ICMP echo r
    % Error: Unknown Parameter '08:37:23.223015'
    request, id 1, seq 211, length 40102 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:23.223304'
    request, id 1, seq 212, length 40.38 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:28.079108'
    equest, i d 1, seq 212, length 40.38 > 192.168.75.223: ICMP echo r
    % Error: Unknown Parameter '08:37:28.079120'
    request, id 1, seq 212, length 40102 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:28.079410'
    request, id 1, seq 213, length 40.38 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:33.079425'
    equest, i d 1, seq 213, length 40.38 > 192.168.75.223: ICMP echo r
    % Error: Unknown Parameter '08:37:33.079441'
    request, id 1, seq 213, length 40102 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:33.079738'
    request, id 1, seq 214, length 40.38 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:38.079755'
    equest, i d 1, seq 214, length 40.38 > 192.168.75.223: ICMP echo r
    % Error: Unknown Parameter '08:37:38.079765'
    request, id 1, seq 214, length 40102 > 192.168.75.223: ICMP echo
    % Error: Unknown Parameter '08:37:38.080040'

  • Hi  

    When you log in to the console, you will get the prompt as console>; you do not have to type it.

    Please refer to the article: https://community.sophos.com/kb/en-us/123567
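An added example, not part of the original thread and not Sophos tooling: when reading a `tcpdump 'host <client IP>'` capture like the one requested above, it helps to pair ICMP echo requests with their replies per direction, so that one-way reachability shows up explicitly. The sample lines are constructed in standard tcpdump text format (the exact prefix printed by the XG console is an assumption, so the pattern ignores anything before `IP`).

```python
import re
from collections import defaultdict

# Matches the ICMP echo part of a tcpdump text line; any prefix
# (timestamp, interface name) before "IP" is ignored.
ICMP_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echoes(capture_text):
    """Return {(src, dst): [seq, ...]} for echo requests that never got a reply."""
    requests, replies = set(), set()
    for line in capture_text.splitlines():
        m = ICMP_RE.search(line)
        if not m:
            continue  # skip non-ICMP lines and console noise
        ident = (m["id"], int(m["seq"]))
        if m["kind"] == "request":
            # the same packet may be seen on several interfaces: the set dedupes it
            requests.add((m["src"], m["dst"]) + ident)
        else:
            # a reply travels dst -> src; store it in the request's orientation
            replies.add((m["dst"], m["src"]) + ident)
    missing = defaultdict(list)
    for src, dst, icmp_id, seq in requests - replies:
        missing[(src, dst)].append(seq)
    return {pair: sorted(seqs) for pair, seqs in missing.items()}

# Constructed sample capture: LAN host -> VPN client gets no replies,
# VPN client -> LAN host is answered.
SAMPLE = """\
08:37:23.222963 IP 192.168.11.101 > 192.168.75.223: ICMP echo request, id 1, seq 211, length 40
08:37:23.223015 IP 192.168.11.101 > 192.168.75.223: ICMP echo request, id 1, seq 211, length 40
08:37:28.079108 IP 192.168.11.101 > 192.168.75.223: ICMP echo request, id 1, seq 212, length 40
08:37:30.100000 IP 192.168.75.223 > 192.168.11.101: ICMP echo request, id 7, seq 1, length 40
08:37:30.121000 IP 192.168.11.101 > 192.168.75.223: ICMP echo reply, id 7, seq 1, length 40
"""

if __name__ == "__main__":
    for (src, dst), seqs in unanswered_echoes(SAMPLE).items():
        print(f"{src} -> {dst}: no reply for seq {seqs}")
```

Requests that leave the firewall toward the client but never get a reply point at the client side (for example its local firewall or return route) rather than at the firewall rules.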
