Problem with SSL VPN v18 Sophos XG

Hi all,

After we upgraded our Sophos to version 18, our SSL VPN stopped communicating with our internal network and stopped browsing the internet.

We use gateway on SSL VPN, but strangely, the firewall does not distribute a gateway to the SSL VPN range.

I can't ping anything from the SSL VPN network to the internal network or surf the internet.
Can you help me?


  • Hello Luana,

    Thank you for contacting the Sophos Community!

    If you check under the /log/sslvpn.log while a user is connecting, what is the output of the log?

    Do you see the following entry:

    Wed Nov 18 16:14:19 2020 [6231] emmanuel/::ffff:72.143.231.245 SENT CONTROL [emmanuel]: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 192.168.15.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,ifconfig 10.81.234.6 255.255.255.0' (status=1)

    Regards,

  • Hello Emmanuel,

    My log: Thu Nov 19 10:31:23 2020 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.200.3.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,redirect-gateway def1,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,dhcp-option DNS 10.100.3.1,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN mydomain-local.com.br,ifconfig 10.200.3.6 255.255.255.0'

  • Hello Luana,

    Thank you for the Log.

    It does seem the XG is sending the route!

    Can you have a user connect to the SSL VPN, run a tcpdump on the XG, and then ask the user to access one of the subnets behind the XG? I think you are using full tunnel, so have him try to ping 8.8.8.8.

    # tcpdump -eni tun0

    Regards,
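
The PUSH_REPLY check discussed in the replies above, as an added example that is not part of the thread or of Sophos tooling: a Python parser that reads the two option lists quoted in the posts and reports whether the client was pushed a gateway, routes or `redirect-gateway`. The function names and the wording of the findings are assumptions made for this example.

```python
import ipaddress
import re

# Option lists copied from the two log lines quoted in the thread.
SPLIT = ("PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,ping 45,"
         "ping-restart 180,route 192.168.15.0 255.255.255.0,topology subnet,"
         "route remote_host 255.255.255.255 net_gateway,inactive 900 7680,"
         "ifconfig 10.81.234.6 255.255.255.0")
FULL = ("PUSH_REPLY,route-gateway 10.200.3.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,"
        "ping 45,ping-restart 180,redirect-gateway def1,topology subnet,"
        "route remote_host 255.255.255.255 net_gateway,inactive 900 7680,"
        "dhcp-option DNS 10.100.3.1,dhcp-option DNS 8.8.8.8,"
        "dhcp-option DOMAIN mydomain-local.com.br,ifconfig 10.200.3.6 255.255.255.0")


def parse_push_reply(line):
    """Extract pushed options from a full log line or a bare PUSH_REPLY string."""
    m = re.search(r"PUSH_REPLY,([^']*)", line)
    if not m:
        raise ValueError("no PUSH_REPLY in line")
    info = {"gateway": None, "client": None, "routes": [], "dns": [],
            "full_tunnel": False}
    for opt in m.group(1).split(","):
        key, *args = opt.split() or [""]
        if key == "route-gateway" and args:
            info["gateway"] = ipaddress.ip_address(args[0])
        elif key == "ifconfig" and len(args) == 2:
            info["client"] = ipaddress.ip_interface(f"{args[0]}/{args[1]}")
        elif key == "redirect-gateway":
            info["full_tunnel"] = True
        elif key == "route" and len(args) >= 2 and args[0] != "remote_host":
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            info["routes"].append(net)
        elif key == "dhcp-option" and len(args) == 2 and args[0] == "DNS":
            info["dns"].append(ipaddress.ip_address(args[1]))
    return info


def diagnose(info):
    """Return findings about what the pushed options leave the client without."""
    findings = []
    if info["gateway"] is None:
        findings.append("no route-gateway pushed")
    elif info["client"] and info["gateway"] not in info["client"].network:
        findings.append("route-gateway outside the tunnel subnet")
    if not info["full_tunnel"] and not info["routes"]:
        findings.append("no route and no redirect-gateway pushed")
    return findings
```

Both quoted lines produce no findings, which matches the reply that the XG is sending the route and explains why the next step is the `tcpdump` on `tun0`.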
