Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 1016 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG V18 Users on VPN unable to use RDP to connect to internal computers

Luis Londono

Already submitted a ticket to support and waiting a call back, but in the mean time I wanted to submit on here and see if anyone has any guidance.

 

I updated our XG fw to v18 from 17.5 this weekend and everything seemed to migrate just fine until come this morning. Users that are on the Sophos Connect VPN Client are unable to RDP into internal computers/sites. In the TCPdumps/packet captures I am showing the traffic is coming through correctly and the users are prompted to enter their passwords but when they do it just doesnt connect. They are able to ping successfully. The packet captures are below, host 10.10.8.151 is the internal PC, the 192.168.63.110 is the VPN client IP. Any one have any ideas?

 

 

XG310_WP02_SFOS 18.0.1 MR-1-Build396# tcpdump "host 10.10.8.151 and proto ICMP"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
10:00:30.815526 ipsec0, IN: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 7, length 40
10:00:30.815790 ifb0, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 7, length 40
10:00:30.815791 Port5, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 7, length 40
10:00:30.815985 Port5, IN: IP PC-XXXX > 192.168.63.110: ICMP echo reply, id 1, seq 7, length 40
10:00:31.820531 ipsec0, IN: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 8, length 40
10:00:31.820577 ifb0, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 8, length 40
10:00:31.820589 Port5, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 8, length 40
10:00:31.820744 Port5, IN: IP PC-XXXX > 192.168.63.110: ICMP echo reply, id 1, seq 8, length 40
10:00:32.829549 ipsec0, IN: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 9, length 40
10:00:32.829637 ifb0, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 9, length 40
10:00:32.829640 Port5, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 9, length 40
10:00:32.829794 Port5, IN: IP PC-XXXX > 192.168.63.110: ICMP echo reply, id 1, seq 9, length 40
10:00:33.845603 ipsec0, IN: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 10, length 40
10:00:33.845644 ifb0, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 10, length 40
10:00:33.845646 Port5, OUT: IP 192.168.63.110 > PC-XXXX: ICMP echo request, id 1, seq 10, length 40
10:00:33.845802 Port5, IN: IP PC-XXXX > 192.168.63.110: ICMP echo reply, id 1, seq 10, length 40

XG310_WP02_SFOS 18.0.1 MR-1-Build396# tcpdump "host 10.10.8.151 and port 3389"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
10:06:12.654673 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [S], seq 3020811765, win 65280, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
10:06:12.654975 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [S], seq 3020811765, win 65280, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
10:06:12.655167 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56366: Flags [S.], seq 164427764, ack 3020811766, win 64000, options [mss 1460,nop,wscale 0,nop,nop,sackOK
], length 0
10:06:12.676163 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [.], ack 1, win 515, length 0
10:06:12.676314 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [.], ack 1, win 515, length 0
10:06:12.676317 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [.], ack 1, win 515, length 0
10:06:12.678163 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 1:48, ack 1, win 515, length 47
10:06:12.678368 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 1:48, ack 1, win 515, length 47
10:06:12.678370 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 1:48, ack 1, win 515, length 47
10:06:12.687266 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56366: Flags [P.], seq 1:20, ack 48, win 63953, length 19
10:06:12.751171 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [.], ack 20, win 515, length 0
10:06:12.751275 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [.], ack 20, win 515, length 0
10:06:12.751278 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [.], ack 20, win 515, length 0
10:06:17.156259 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:17.173968 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 256, length 178
10:06:17.173971 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 256, length 178
10:06:17.175404 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56366: Flags [P.], seq 20:1257, ack 226, win 63775, length 1237
10:06:17.175916 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 226:233, ack 1257, win 256, length 7
10:06:17.175919 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 226:233, ack 1257, win 256, length 7
10:06:17.176234 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56366: Flags [R.], seq 1257, ack 233, win 0, length 0
10:06:17.183940 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [R.], seq 233, ack 1257, win 256, length 0
10:06:17.183946 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [R.], seq 233, ack 1257, win 256, length 0
10:06:17.396710 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:17.396788 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:17.396790 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:17.691221 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:17.691281 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:17.691283 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:18.291225 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:18.291280 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:18.291283 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:19.491744 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:19.491834 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:19.491836 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:21.891763 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:21.891839 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:21.891841 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:26.692811 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:26.692897 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:26.692900 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:36.293431 ipsec0, IN: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [R.], seq 226, ack 20, win 0, length 0
10:06:36.293490 ifb0, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [R.], seq 226, ack 20, win 0, length 0
10:06:36.293492 Port5, OUT: IP 192.168.63.110.56366 > PC-XXXX.3389: Flags [R.], seq 226, ack 20, win 0, length 0
10:06:36.306412 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [S], seq 790004413, win 65280, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
10:06:36.306702 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [S], seq 790004413, win 65280, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
10:06:36.306705 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [S], seq 790004413, win 65280, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
10:06:36.306909 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56406: Flags [S.], seq 1211742644, ack 790004414, win 64000, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
10:06:36.329415 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [.], ack 1, win 515, length 0
10:06:36.329569 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [.], ack 1, win 515, length 0
10:06:36.329571 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [.], ack 1, win 515, length 0
10:06:36.331419 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 1:48, ack 1, win 515, length 47
10:06:36.331656 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 1:48, ack 1, win 515, length 47
10:06:36.331659 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 1:48, ack 1, win 515, length 47
10:06:36.338310 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56406: Flags [P.], seq 1:20, ack 48, win 63953, length 19
10:06:36.363417 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:36.373912 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 256, length 178
10:06:36.373915 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 256, length 178
10:06:36.375395 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56406: Flags [P.], seq 20:1257, ack 226, win 63775, length 1237
10:06:36.375735 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 226:233, ack 1257, win 256, length 7
10:06:36.375738 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 226:233, ack 1257, win 256, length 7
10:06:36.376031 Port5, IN: IP PC-XXXX.3389 > 192.168.63.110.56406: Flags [R.], seq 1257, ack 233, win 0, length 0
10:06:36.384894 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [R.], seq 233, ack 1257, win 256, length 0
10:06:36.384899 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [R.], seq 233, ack 1257, win 256, length 0
10:06:36.597438 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:36.597564 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:36.597567 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:36.897440 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:36.897503 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:36.897506 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:37.497932 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:37.498013 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:37.498016 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:38.698938 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:38.699021 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:38.699024 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:41.098969 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:41.099051 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:41.099054 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:45.899173 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:45.899294 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:45.899296 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [P.], seq 48:226, ack 20, win 515, length 178
10:06:55.499621 ipsec0, IN: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [R.], seq 226, ack 20, win 0, length 0
10:06:55.499700 ifb0, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [R.], seq 226, ack 20, win 0, length 0
10:06:55.499703 Port5, OUT: IP 192.168.63.110.56406 > PC-XXXX.3389: Flags [R.], seq 226, ack 20, win 0, length 0



This thread was automatically locked due to age.
Parents Reply
  • +1 in reply to FormerMember

    @H_Patel 

    The support representative thankfully was able to figure it out. 

    The Sophos Connect to LAN rule that I had on v17 did not have NAT configured on it so in the upgrade it did not create a NAT policy. Once one was created and configured to source MASQ it is working now.

     

     

Children
  • 0 in reply to Luis Londono

    Thank you so much for posting this.  Struggled with the same issue with Sophos Connect.

    Problem was it wasn't logged very well as to what was going on.  Disabling DPI entirely worked; bypass rule to force proxy didn't.

    This simple NAT rule worked like a charm!