SSL Remote Access VPN can't reach Office Site from Remote Site

Hi,
I set up an SSL Remote Access VPN on our Sophos XGS107 using the "Sophos XG Firewall: How to configure SSL VPN remote access" guide.
But unfortunately I can only connect to the tunnel but can't reach any devices that are at the "Office Site".
I've already successfully checked if the "Office Site's" client is reachable via ICMP from the XGS Firewall.
According to the "policy test" of the XGS Firewall the LAN side is also reachable from the VPN tunnel address range.

Other things that are set up on the XGS Firewall are 5 VLANs and Zones including the necessary firewall rules.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Please ensure that you've added the correct hosts/networks under 'Permitted network resources (IPv4)' of the SSL VPN policy.

    Also, please confirm that a VPN to LAN firewall rule is configured on the firewall.

    If the above settings are fine, then you can check the packet capture on Sophos Firewall.

    ==> Go to Diagnostics > Packet capture

    ==> Enter BPF string: host 172.16.0.20 and proto ICMP

    ==> Start the capture and then try to ping 172.16.0.20 from the end machine connected with SSL VPN.

    It would be great if you could share the packet capture and configuration snapshots here or in PM.

  • FormerMember
    0 FormerMember in reply to FormerMember

    As discussed in PM, the issue got resolved after applying a SNAT policy (MASQ) on the VPN to LAN firewall rule.
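
As an added example (not from the thread or from Sophos), the triage below classifies an ICMP capture like the one requested above and maps each outcome to the check it points to. The record fields, status values, the VPN pool 10.81.234.0/24 and the sample packets are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample records, one dict per captured packet (not real firewall output).
# Field names and status values are assumptions; 10.81.234.0/24 is an assumed VPN pool.
NO_REPLY = [
    {"src": "10.81.234.6", "dst": "172.16.0.20", "icmp": "echo-request", "status": "Forwarded"},
    {"src": "10.81.234.6", "dst": "172.16.0.20", "icmp": "echo-request", "status": "Forwarded"},
]
DROPPED = [
    {"src": "10.81.234.6", "dst": "172.16.0.20", "icmp": "echo-request", "status": "Violation"},
]
WORKING = NO_REPLY[:1] + [
    {"src": "172.16.0.20", "dst": "10.81.234.6", "icmp": "echo-reply", "status": "Forwarded"},
]

def triage(records, target, vpn_pool):
    """Classify an ICMP capture taken while a VPN client pings `target`."""
    tgt, pool = ip_address(target), ip_network(vpn_pool)
    requests = [r for r in records
                if r["icmp"] == "echo-request" and ip_address(r["dst"]) == tgt]
    if not requests:
        # Nothing arrived from the tunnel: check the permitted network
        # resources of the SSL VPN policy and the routes the client received.
        return "no-request-seen"
    forwarded = [r for r in requests if r["status"] == "Forwarded"]
    if not forwarded:
        # Requests arrive but are not passed on: check the VPN to LAN rule.
        return "dropped-at-firewall"
    if any(r["icmp"] == "echo-reply" and ip_address(r["src"]) == tgt for r in records):
        return "ok"
    if any(ip_address(r["src"]) in pool for r in forwarded):
        # The LAN host is sent packets sourced from the VPN pool and no reply
        # comes back through the firewall: a return-path problem (host route,
        # default gateway, host firewall). MASQ on the rule makes the
        # firewall's LAN address the source instead.
        return "no-reply-untranslated-source"
    return "no-reply-check-target-host"

if __name__ == "__main__":
    for name, capture in [("no reply", NO_REPLY), ("dropped", DROPPED), ("working", WORKING)]:
        print(name, "->", triage(capture, "172.16.0.20", "10.81.234.0/24"))
```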
