Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 890 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG 135 VPN Issues

Alan Spark

I am working offsite and successfully setup the XG 135 at home before it was shipped onsite, for installation by a colleague. We had an attempt to put it online but had to abandon this due to VPN issues, so now we are considering how to debug the problem. I thought I'd post here in case there are any ideas.

We have two broadband connections, and I configured a WAN port for each. One is our primary broadband and the other is the backup. Initially we connected the secondary broadband connection (physical port 4) and I was able to connect to the VPN through it. We then proceeded to connect the primary broadband connection (physical port 2) and received an email notification that it was online. However, we were unable to connect to the VPN through this broadband connection, and furthermore it was no longer possible to connect to the VPN through the secondary connection.

Due to time pressures we had to give up and will likely have to schedule another attempt at a quiet time. In the meantime it may be possible to run some tests in isolation if we connect to the secondary broadband connection only.

The WAN uses a subnet of /29 (255.255.255.248) with a static IP whilst the secondary WAN also has a static IP on subnet /24 (255.255.255.0). We are using SSL VPN and the Sophos Connect client.

I would appreciate any suggestions about what may have caused the connection of another WAN port to stop VPN from working at all. We did try rebooting the UTM but that didn't make any difference.

 



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thanks for reaching out to the Community!

    Did you download the SSL VPN configuration from the user portal or using a provisioning file with Connect Client? 

    Did you make any changes to VPN > Show VPN Settings > SSL VPN > Override hostname? 

    Would it be possible for you to share the configuration screenshots? 

    Thanks,

  • 0 in reply to FormerMember

    Hi Harsh,

    The SSL VPN file was downloaded from the user portal.

    Yes, I did modify the "override hostname" field to be the IP address of our main gateway during initial configuration, but it has not been changed since. Note that I was able to connect using these settings and the same config file when our secondary gateway (port 4) was physically connected but the primary (port 2) was physically disconnected.

    I am unable to share any screenshots as I don't have access to the device at the moment.

    Regards,

    Alan

  • 0 in reply to FormerMember

    Hi ,

    We are planning to have another attempt at this in the very near future.

    Initially we will connect the secondary gateway as before and verify that it still works, then I expect to encounter the same issue when we connect the primary gateway. At that point after verifying the VPN settings our plan is to disconnect the secondary gateway and try the VPN with only the primary connected.

    I would appreciate it if you have any other debugging suggestions that you can recommend.

    Regards,

    Alan

  • 0 in reply to Alan Spark

    Hello Alan,

    Is it possible for you to test only with one computer, before your main test, connectivity to the other link? See if you see the packets arriving at the Firewall, you can do a tcpdump

    # tcpdump -eni PortX port xxx (Substitute the X PortX for the Interface number of the backup line and port the port used to connect to the SSL VPN (Configure >> VPN >> Show VPN settings >> SSL VPN settings >> Port)  and/or IPsec (500) 

    Regards,

  • 0 in reply to emmosophos

    Thanks Emmanuel,

    I think this could be possible, I will keep it in mind.

    Alan