Remote SSL VPN not connecting

Hello everyone, 

We have recently deployed a new appliance Sophos XG 135 with its basic configuration.

Now we are trying to make SSL VPN for remote users work. 

But we are getting this error on the client side when trying to connect, even before being prompted for credentials:

Options error: --nobind doesn't make sense unless used with --remote
Use --help for more information.

We have configured these items from the GUI so far:

A. SSL VPN groups and users: users from an OU currently imported from Active Directory groups and users

B. IP host defined for local subnet.

C. Remote SSL VPN policy: 

- Policy members: imported OU

- Permitted network resources: local subnet

D. Authentication services: 

- SSL VPN Authentication Methods: Local and Active Directory Server

- Firewall Authentication Methods: Local and Active Directory Server

E. Allowed zones for SSL VPN

LAN: SSL VPN (check), User Portal (check)

WAN: SSL VPN (check), User Portal (check)

F. VPN Settings: default (IP lease range: 10.81.234.5 - 10.81.234.55... etc)

G. Firewall Rule

Action: Accept

Rule Position: Top

Source Zones: VPN

Source Networks and Devices: any

Destination Zones: LAN

Destination networks: Local subnet

Match known users (check): Active Directory OU

*Other settings were left default

Any advice about what I can check? (logs, settings)

Thanks in advance.



  • FormerMember

    Hi,

    Thanks for reaching out to the Community! 

    First of all, I'd suggest you try to connect one local user over SSL Remote VPN to see if that works.

    I would advise you to put the access_server process in debugging, replicate the issue and provide access_server logs in debugging. 

    Follow this KB Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    Select Option 5 (Device Management) > Option 3 (Advanced Shell)

    Run this command to put the access_server service in debug:

    • service access_server:debug -d -s nosync

    Please check out the following KBA to locate and capture the logs: Sophos XG Firewall: Where to find log files?

    Once you capture the access_server logs in debugging, run the same command to put access_server service in normal running mode. 

    Run this command to check service status:

    • service -S | grep access_server

    SFVUNL_VM01_SFOS 17.5.11 MR-11# service -S | grep access_server
    access_server RUNNING,DEBUG

    Thanks,
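
The error quoted in the question is OpenVPN's option check for a configuration that contains nobind but no remote line, so it is raised while the client parses its configuration, before any login. As an added example (not part of the thread and not Sophos tooling), this Python check reads an OpenVPN-style client configuration and reports that condition; it assumes the client was given such a file, and the host name, port and certificate body in the sample are constructed.

```python
import shlex

# Inline blocks whose bodies are key/certificate material, not directives.
INLINE_DATA = {"ca", "cert", "key", "tls-auth", "tls-crypt", "pkcs12", "secret"}

def parse_directives(text):
    """Return (name, args) pairs, skipping comments and inline key/cert bodies."""
    directives, skip_until = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if skip_until:                      # inside <ca>...</ca> and similar
            if line == skip_until:
                skip_until = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            tag = line[1:-1]
            if tag in INLINE_DATA:
                skip_until = f"</{tag}>"
            continue                        # <connection> tags: keep parsing inside
        parts = shlex.split(line, comments=True)
        if parts:
            directives.append((parts[0].lstrip("-"), parts[1:]))
    return directives

def check_client_config(text):
    """Findings for the nobind/remote pairing that the error message refers to."""
    directives = parse_directives(text)
    remotes = [args for name, args in directives if name == "remote" and args]
    findings = []
    if any(name == "nobind" for name, _ in directives) and not remotes:
        findings.append("nobind is set but there is no 'remote <host> [port]' line")
    for args in remotes:
        if len(args) > 1 and not (args[1].isdigit() and 0 < int(args[1]) < 65536):
            findings.append(f"remote {args[0]}: invalid port {args[1]!r}")
    return findings

# Constructed sample configs (hypothetical host name, placeholder certificate body).
BROKEN = """client
proto tcp
;remote vpn.example.test 8443
nobind
<ca>
placeholder body, not a real certificate
</ca>
"""
GOOD = BROKEN.replace(";remote", "remote")
```

Calling check_client_config() on the text of the configuration file the client actually loads shows whether the remote line is missing, commented out, or malformed.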
