Can't access Azure resources over SSL-VPN

Question

Hi, 
 
 I'm having an issue where I can't access Azure resources when connected to the SSL-VPN. I have a site to site tunnel to Azure and can access the servers fine on the LAN and when I connect to the SSL-VPN I can access internal resources directly connected to the Sophos XGs LAN but not the remote Azure resources. 
 I've tried adding the Azure network onto the permitted network resources for the SSL-VPN and I've added the SSL-VPN range into the Site to site connection on both the XG and Azure end but still no success. I amended the automatically created rule for traffic going down the site to site tunnel, to include the SSL-VPN range but no success so far. 
 
 Thanks! 
 Sam

emmosophos · Answer

Hello Sam, 
 Thank you for contacting the Sophos Community! 
 Is the SA for the SSL VPN up in the site-to-site? 
 Can you do a tcpdump on the ipsec to see if you see the traffic going into the IPsec. 
 # tcpdump -eni ipsec0 host x.x.x.x (SSL VPN IP of computer trying to access the resource on Azure) 
 Or you can also use the Packet capture utility in the XG. 
 Regards,

Can't access Azure resources over SSL-VPN

Top Replies