
SSL VPN and external to internal route

We have set up and are successfully using SSL VPN with clients. The issue I am having relates to a 3rd party service we are using. The service uses a site to site VPN connection from within our network to theirs. Per their instructions, on my main router, I have a route statement to point their public address block to the private internal address of the VPN device in our network. This works fine within the network, however, it does not work remotely via VPN. I have tried to modify my policy to use the VPN as the default gateway, but it still does not work. I'm not sure the traffic gets to my main router as it is all served from the Sophos box. Do I need to add a route statement on the Sophos box so the VPN traffic knows to use the internal address? Any help is appreciated.



This thread was automatically locked due to age.
  • There is not a site to site from our network to the 3rd party device. They have The only way traffic gets there is via the route statement in my router which basically says anything going to [3rd party Public IP Range] go to [Internal Private IP address]. I requested the IP range of the XG VPN address to be in the allowed range on their device and they indicated that was changed. I suspect, though, that my client SSL VPN traffic is hitting the Sophos XG and not directed to the router, it just tries to go out to the internet which does not work.

  • Hello 

    Can you share the screenshot of the route statement for "my router which basically says anything going to [3rd party Public IP Range] go to [Internal Private IP address]."

    Is that route added in XG firewall within static route? Is it an interface route or a gateway route?

    If you suspect that the client SSL VPN traffic is hitting the Sophos XG and not directed to the router, then probably there are no routes configured on XG for [3rd party Public IP Range] to be forwarded to your internal private IP address/router.

    A network diagram would be helpful to understand your network.
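
The routing behaviour suspected in the replies above, as an added example that is not part of the thread: a longest-prefix-match lookup against the main router's table and the XG's table, before and after a static route for the third-party range is added on the XG. All addresses, the SSL VPN pool and the next-hop labels are constructed placeholders standing in for [3rd party Public IP Range] and [Internal Private IP address].

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), hop)
        for prefix, hop in table.items()
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None  # no route at all: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed values (documentation and private ranges), not from the thread.
THIRD_PARTY_RANGE = "203.0.113.0/24"  # stands in for [3rd party Public IP Range]
S2S_VPN_DEVICE = "10.0.0.50"          # stands in for [Internal Private IP address]
DST = "203.0.113.10"                  # a host at the third party

# Main router: has the static route the third party asked for.
main_router = {
    "0.0.0.0/0": "isp-gateway",
    "10.0.0.0/24": "lan",
    THIRD_PARTY_RANGE: S2S_VPN_DEVICE,
}

# XG terminating the SSL VPN: only default, LAN and the (assumed) VPN pool.
xg_before = {
    "0.0.0.0/0": "wan-gateway",
    "10.0.0.0/24": "lan",
    "10.8.0.0/24": "sslvpn-tunnel",
}

# XG after adding a gateway route for the third-party range.
xg_after = {**xg_before, THIRD_PARTY_RANGE: S2S_VPN_DEVICE}

if __name__ == "__main__":
    print("LAN host via main router:", next_hop(main_router, DST))
    print("SSL VPN client via XG (before):", next_hop(xg_before, DST))
    print("SSL VPN client via XG (after):", next_hop(xg_after, DST))
```

The "before" lookup on the XG falls through to the default route and leaves via the WAN, which matches the symptom described; the lookup only reaches the site to site VPN device once the XG itself carries the more specific route.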