
Unable to connect to a static route through my VPN

Hi All,

One of my clients has an XG firewall with SSL VPN (Remote) set up on it. When connected to the VPN I can access the entire network with no issue.

They then have a system on the network that connects them to another IP range to access their software. This device is plugged into the switch on the network and we have to add that route with a cmd command on every PC on the network to access the software. We added the static route on the firewall but the connection is too unstable then.

What I want to know is, how do we set up the firewall to route the traffic to the external device while we are connected to the VPN?

Port1: WAN(200.244.x.x.)

Port3: LAN(192.168.x.x)

VPN(10.x.x.254)

Static Route(10.168.197.x) not connected to the firewall

Please assist



This thread was automatically locked due to age.
  • Hello Jean,

    Thank you for contacting the Sophos Community!

    Have you tried adding the subnet to the SSL VPN in the XG, and then adding the static route in the XG to route that traffic to the network?

    Regards,

  • Hi

    Yes, the subnet is under accessible networks on the SSL VPN with the static route added on the XG.

    I think the problem might be that we are trying to connect to a VPN through a VPN; it looks like the XG is not allowing the traffic.

  • Would it be possible to add the VPN subnet directly to one of the ports on the XG and route the traffic through the port?

    I.e., remove the VPN unit from the switch, connect it to the XG on an open port, and set it up to route VPN traffic to the LAN port. One other problem I see is that the VPN unit uses a gateway that is connected to my LAN, so there are 2 gateways running on the same network range.

  • Hello Jean,

    I think the problem would be solved or you should try fixing the gateway issue, as having two GWs on the same network range will cause routing issues for the client.

    Do you have a sketch of the Network?

    Regards,

  • Hi Jean-Pierre, I had something similar to this also this week. I needed normal internet traffic to go out on the remote user's internet connection, and to route specific traffic over the VPN to our internal network.

    To do this, I had to tell the XG what traffic I wanted routing internally.

    So: VPN > SSL VPN > open the profile > scroll down to Tunnel Access.

    I added a permitted network (you'd add the 10.168.197.x range in here).

    Once you add this in, it will automatically add the routes to the users' PCs.

    I take it your firewall already knows how to deal with this 10.168 range on your LAN so it knows where to forward the traffic?