
unable to access admin console and user portal from IPSec (remote access) VPN connection

Hi everybody.

I set up the Sophos Connect client today (we were using SSL-VPN before) and the connection to the internal LAN works great. (webservers, SQL, all that)

The issue is - I can't access the Web interface of the Sophos. Neither the User Portal nor the Admin Console. This worked without issues when connecting via SSL-VPN.

I read through a lot of posts already but did not find a solution as the usual answers did not help. (e.g. forgetting the Device Access Page)

Given is:

* Sophos XG 210 running SFOS 18.0.4 MR-4

* In VPN configuration our LAN IP-range is under permitted access, which also includes the LAN-IP of the Sophos (10.1.10.0/255.255.255.0)

* There is also a rule allowing traffic from LAN and VPN to LAN and VPN (all other services, including intranet, are working)

* HTTPS and User Portal are enabled under Administration/Device Access for VPN Zone (as stated: it worked with Remote SSL before)

* I'm able to connect via SSH without issues over the VPN connection

10.1.10.254 is the LAN-IP of the Sophos

172.17.17.101 is my VPN-IP

I captured traffic and it is showing the following:

If anyone has an idea that would be greatly appreciated.

Currently I'm just connecting to a server via RDP and opening the Admin Console from there, but it bothers me to not know why it does not work from my laptop directly.

Thanks in advance,

Steffen



  • Thanks a lot for your answer! I played around with the MTU for the Sophos TAP Adapter following this link:

    www.sevenforums.com/.../94721-mtu-limit-test-change-your-connections-mtu-limit.html

    I tried the ping test described in the link - MTU 900 did not work - 800 did. I then updated the MTU of my local adapter and yeah - it suddenly works and I can open the Admin Console in my browser again.

    But: it does not seem right to reduce the MTU to be honest. What about all the other traffic flowing through the VPN? Won't it make the connection more slowerish? (Also, that needs to be set up for each client...) Are you aware of an existing bug report/issue for this?

    I haven't set up the SSL-VPN anymore unfortunately, but shouldn't this issue exist there too if it depends on the (virtual) VPN adapter? I'm not that deep into networking to be honest. Just managing what I need to at work.
