I am using XG210 (SFOS 18.0.5 MR-5-Build586) and Sophos Connect 2.1.20.
SSL VPN and IPSEC VPN for Remote Access are configured as "use as default gateway", forcing all remote traffic through the XG.
Remote users are able to access LAN resources, that's working.
We have an application server behind the XG on the LAN that cannot be accessed when remote users are connected to VPN. Let's call that server's FQDN example.com.
I push our internal DNS server to VPN users so that local domain names can be resolved. While connected to VPN, nslookup reports our internal DNS is resolving example.com to the XG public IP. This would be the same nslookup result if the user was not connected to VPN and using Google DNS.
But, when VPN is connected, the example.com page never loads. The example.com request goes to the XG because it's set up as the default gateway. In log viewer I don’t see traffic from the VPN client IP address to the XG public IP.
I have a firewall rule from VPN to WAN and another from VPN to LAN.
I have a DNAT rule:
Original source: VPN_SUBNET
Original destination: XG PUBLIC IP
Original service: HTTP
SNAT: MASQ
DNAT: APPLICATION_SERVER_IP
Access to the application server from remote VPN by private IP works.
Any ideas?