
Dual WAN SSL VPN 17.5.12 MR-12.

Hi,

I am currently running 17.5.12 MR-12 with remote users using SSL VPN over a single WAN connection. Clients connect with the Sophos SSL VPN Client and everything works great. We installed a new fiber circuit and I need to migrate about 70 remote users over to the new circuit (with a different public IP, of course). I wanted to do this slowly, migrating users to the new circuit to test it and work in a controlled fashion with both circuits running. For the life of me I can't see a way to create a new SSL VPN connection to connect to the new WAN interface. Is this not possible or am I missing something? Thanks.

Jae



This thread was automatically locked due to age.
  • Hello Jae,

    Thank you for contacting the Sophos Community.

    When a user downloads the SSL VPN configuration and Override hostname isn’t selected, the SSL VPN will list all the main IP WAN interfaces (and the rest of the interfaces) in the configuration file.

    In the configuration file for the test user, you could manually remove the public IP that you don't want the SSL VPN to connect to and just leave the one you want to test.

    But configuring user1 to connect to SSL VPN with public IP x.x.x.x and user2 to connect to SSL VPN with public IP y.y.y.y from the GUI currently isn’t possible.

    Regards,

  • Thank you Emmanuel for the info. I thought I was crazy. I actually tried to modify the SSL config file with the second gateway and it would not connect. At the end of the config file it shows the following (xxx added for protection). So I replaced the first entry with the new Public IP and no luck. Did I do something wrong or is there another way to do this? Thanks.

    remote 76.80.xxx.xxx 8443
    remote 66.209.xxx.xxx 8443
    remote 192.168.1.1 8443
    remote 10.255.0.1 8443

  • FormerMember in reply to Jae Lupo

    This config should work. After these changes were made, while connecting the SSL VPN from the machine, do you see the logs where the SSL VPN attempts to connect to your newly added WAN IP? Share the snapshot or the log lines if possible.

    However, if you see the application try to connect to the new WAN IP but fail, please take a GUI capture on the source IP (WAN IP of the VPN machine) and port 8443 (or any manual port if configured).

          Enter the BPF string: host x.x.x.x and port 8443 (replace x.x with the remote machine's public IP)

    Try to connect the VPN and verify whether the traffic is hitting the firewall or not.

  • Thank you both, this worked. I removed the two remote public server IPs and added the new one. Then I exited the VPN client, started it again and it connected to the new IP.
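
The manual edit that worked in this thread (leave only the gateway you want to test in the client config's `remote` list), sketched as an added Python example; it is not Sophos code and not from any poster. The function name `pin_remote`, the sample config and the documentation-range addresses standing in for the masked public IPs are constructed for illustration, and the pinned entry is assumed to use the same port as the existing entries.

```python
import ipaddress

# Constructed sample: tail of a downloaded client config, with documentation
# addresses standing in for the masked public IPs in the thread.
SAMPLE_CONFIG = """\
client
dev tun
proto tcp
remote 203.0.113.10 8443
remote 198.51.100.20 8443
remote 192.168.1.1 8443
remote 10.255.0.1 8443
"""


def pin_remote(config_text, gateway, default_port=8443):
    """Return (new_config, removed) with `gateway` as the only remote entry.

    Every other `remote` line is dropped; all other lines are kept verbatim.
    The pinned entry takes the place of the first `remote` line and reuses
    that line's port (and protocol field, if present).
    """
    gateway = str(ipaddress.ip_address(gateway))  # raises ValueError if malformed
    out, removed, pinned = [], [], False
    for line in config_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "remote":
            if not pinned:
                # Assumption: the new gateway listens on the same port.
                rest = fields[2:] or [str(default_port)]
                out.append(" ".join(["remote", gateway] + rest))
                pinned = True
            if fields[1] != gateway:
                removed.append(fields[1])  # report what the client will no longer try
            continue
        out.append(line)
    if not pinned:
        # Config had no remote lines at all: append the gateway explicitly.
        out.append(f"remote {gateway} {default_port}")
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    new_config, removed = pin_remote(SAMPLE_CONFIG, "198.51.100.20")
    print(new_config, end="")
    print("removed:", ", ".join(removed))
```

As in the last reply above, the VPN client has to be exited and started again after the file is changed before it uses the new entry.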
