VPN SSL connection - Azure and other remote connections

Question

Hi all :), 
 We are having an issue with VPN SSL connections. 
 We have 3 main offices connected using IPsec connections. This 3 main offices are connected to a Azure BD using also a IPsec connection. Locally, all works fine: all the main offices have connection between them and with Azure. 
 When the users connect remotely to their office to work remotely, they have access to the their office range but not with another one. The pool of ranges are included in the tunnel specifications. The main problem is that they can't access to connect to the Azure BD and can't work 100% remotely. 
 
 Thanks!

emmosophos · Answer

Hello Jose, 
 Thank you for contacting the Sophos Community! 
 Can you confirm that the AZURE ranges are included in the SSL VPN Allowed Networks, also please add the SSL VPN subnet in the IPsec as Local Network and on Azure as remote Subnet. 
 If you see the SA is up, and there is no traffic, make sure you have a VPN to VPN rule set with ANY. 
 Also, confirm the traffic that is going to Azure, is arriving to the XG and then the XG is sending it to Azure via the IPsec tunnel, for this please use the packet capture in the GUI of the XG. (Monitor & Analyze >> Diagnostics >> Packet Capture >> Configure >> Enter BPF String = host x.x.x.x (where x.x.x.x = the IP of a host in Azure) 
 Regards,

VPN SSL connection -> Azure and other remote connections

Top Replies