Sophos XG s2s VPN - offsite Domain Controller for authentication SSL VPN

Hello all,

We have a nearly exact setup, which is described in the link below. So we have an s2s IPsec VPN tunnel between two Sophos XGs.

https://support.sophos.com/support/s/article/KB-000035830?language=en_US

We did this configuration to be able to configure the offsite AD domain controller for authentication. After the configuration, the configuration seems to be fine and we were able to configure the domain controller as an authentication server, but now the clients in the branch office are not able to reach the domain controller any longer.

Is there someone who could imagine what I did wrong?

Many many thanks in advance!



This thread was automatically locked due to age.
  • FormerMember in reply to genbreit

    Hi ,

    Thanks for reaching out to the Community! 

    Would it be possible for you to provide the network diagram and the details about the added system routes? 

    Also, check if Client authentication is selected for the VPN zone under Administration > Authentication services.

    When you try to access the AD server from the branch office firewall, do you see the traffic arriving on the head office firewall? 

    Thanks, 

  • Hi H_Patel,

    Thank you very much for your answer. In the meantime I had a call with a support engineer and he helped me to determine the problem.

    The problem was a misconfiguration regarding the firewall rules. As the Sophos XG is a zone-based firewall rule, he told me it is recommended to define the zones like LAN or VPN instead of using ANY and then defining the networks.