
Make a NAT rule to the 1723 port

Hello, I've been trying since yesterday to make a NAT rule in my Sophos XG interface in order to connect to my VPN server. I should point out that my Sophos XG is behind another router which gives it WAN access. That's why my WAN IP in the rule is 10.69.1.202. Here are two screenshots of my rule configuration. To me, everything looks OK, but it doesn't work. The VPN server is configured correctly: I can access it from the LAN subnet, but as soon as I use the WAN IP (10.69.1.202) to connect, it doesn't work. Hopefully you'll understand better than me because I'm a beginner. And sorry for my English.



  • 1723 is PPTP VPN. You also need the GRE protocol. I would not try transferring GRE and 1723 through a firewall. I understand you have a router that is not Sophos, and this is your WAN for the Sophos? So you are NAT behind NAT? Too complicated to manage such a topology. If it is a must, use Sophos as your VPN server by implementing SSL VPN on it.

  • Hello and thanks for answering. I already tried to use Sophos as the VPN server but I couldn't download the VPN client, so I stopped. Anyway, it should be possible to connect to the VPN just by modifying something in the NAT rules. The machine which tries to connect to the VPN is behind the same router as the Sophos. So it's not supposed to be so complicated, because I just have to cross the Sophos firewall and not the one of my router. By the way, I also tried to make a NAT rule to allow connections on the 3389 port of the VPN server machine and there again, I couldn't get it working via the WAN, while it was all OK via LAN access. If you have any idea...

  • You need the 8443 port for the client to be open in the frontend firewall.

  • Why? I don't understand. Anyway, I deactivated the firewall on my VPN server and on the machine which is connecting, so the 8443 port should be open, no? Thanks for helping me, hopefully we'll find a way to solve this issue.
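
The first reply's point that PPTP needs GRE as well as TCP 1723, shown as an added example that is not part of the original thread: a port-forward rule can only match the TCP control channel, because the GRE data channel (IP protocol 47) has no port numbers. The packets, the client address 10.69.1.50 and the rule-table format are constructed for illustration and do not represent Sophos XG's own rule syntax.

```python
import socket
import struct

TCP, GRE = 6, 47            # IANA IP protocol numbers
WAN_IP = "10.69.1.202"      # WAN address from the original post
CLIENT_IP = "10.69.1.50"    # constructed client address (assumption)

def ipv4(proto, src, dst, payload):
    """Build a minimal constructed IPv4 packet (header checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def classify(pkt):
    """Return (ip_protocol, tcp_dst_port or None) for a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = pkt[9]
    if proto == TCP:
        (dport,) = struct.unpack("!H", pkt[ihl + 2:ihl + 4])
        return proto, dport
    return proto, None                 # GRE has no ports to match on

def sample_packets():
    """Constructed PPTP traffic: one control SYN and one GRE data packet."""
    syn = struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0, 0x50, 0x02, 65535, 0, 0)
    # Enhanced GRE header used by PPTP: K and S bits set, version 1,
    # protocol type 0x880B (PPP), payload length 0, call ID 1, sequence 0.
    gre = struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)
    return {"control": ipv4(TCP, CLIENT_IP, WAN_IP, syn),
            "data": ipv4(GRE, CLIENT_IP, WAN_IP, gre)}

def pptp_outcome(rules):
    """rules: hypothetical forward table of (ip_protocol, dst_port or None)."""
    return {name: classify(pkt) in rules
            for name, pkt in sample_packets().items()}

if __name__ == "__main__":
    print("TCP 1723 only: ", pptp_outcome([(TCP, 1723)]))
    print("TCP 1723 + GRE:", pptp_outcome([(TCP, 1723), (GRE, None)]))
```

With only the TCP 1723 rule, the control connection is forwarded but the tunnel data is not, which matches a client that reaches the server and then fails to establish the VPN.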
