Remote Access SSL VPN Not Able to Access Local Windows Network Shares

Hello, new Sophos XGS user. I must be missing something obvious in trying to configure a remote access SSL VPN. I have been through the Sophos videos and many articles on this site but still cannot figure it out. Whenever I have made changes to the config, I have downloaded a new config file for the VPN client. User names/passwords on the firewall are the same as their AD logins.

XGS2300 Firewall - SFOS 18.5.1 MR-1-Build326

LAN 192.168.1.0/24

WAN 24.123.131.166

VPN IPs 10.81.234.5 - 254

Server is Windows Domain

Users are authenticating at the firewall. 

I can connect to the VPN but cannot ping or access any local server shares. I even tried setting up the "Clientless Access" and while the link to the share appears on the user's sign-in webpage, it cannot connect to the share either. Shares work fine when connected directly to the local network.

Thank you for any help you can provide.  



  • Hello there,

    Thank you for contacting the Sophos Community.

    I would recommend you do a ping and see if the ping is arriving at the XG using a GUI packet capture.

    If you see traffic arriving, confirm the firewall rule being hit is the correct one. If it is, then go to the Advanced Shell of the XG (Putty 5>3) and do a tcpdump on the interface of the computer you are trying to ping. For example, if the device is on Port1 with IP 192.168.0.100, your tcpdump would be:

    #tcpdump -eni Port1 host 192.168.0.100 and proto ICMP

    If you see the Ping leaving the Port1 and not receiving any reply, check the computer's destination Firewall.

    However, most likely your issue is that 192.168.0.x is a common home network, so the traffic isn’t going through the tunnel since the subnet might be overlapping with the one from the user's home.

    Regards,
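The overlap check suggested in the reply above, as an added example that is not part of the original thread: it compares a remote user's home subnet with the office LAN from the question (192.168.1.0/24) and shows which interface a standard longest-prefix route lookup would pick. The server address, interface names, metrics and the /24 mask on the VPN pool are constructed assumptions.

```python
import ipaddress

OFFICE_LAN = "192.168.1.0/24"   # LAN behind the XGS, from the question
VPN_POOL = "10.81.234.0/24"     # assumed mask; the question lists 10.81.234.5 - 254
SERVER = "192.168.1.10"         # hypothetical file server on the office LAN


def find_overlaps(local_nets, tunnel_nets):
    """Return (local, tunnel) CIDR pairs whose address ranges intersect."""
    pairs = []
    for local in map(ipaddress.ip_network, local_nets):
        for tunnel in map(ipaddress.ip_network, tunnel_nets):
            if local.overlaps(tunnel):
                pairs.append((str(local), str(tunnel)))
    return pairs


def pick_route(dest, routes):
    """Longest-prefix match over (cidr, iface, metric); ties go to the lower metric."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(cidr), iface, metric)
            for cidr, iface, metric in routes
            if addr in ipaddress.ip_network(cidr)]
    if not hits:
        return None
    net, iface, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(net), iface


def client_routes(home_lan):
    """Constructed routing table of a remote client after the tunnel is up."""
    return [
        ("0.0.0.0/0", "wifi", 25),   # default route via the home router
        (home_lan, "wifi", 25),      # on-link home network
        (VPN_POOL, "tun0", 30),      # address pool handed out by the firewall
        (OFFICE_LAN, "tun0", 30),    # permitted network pushed to the client
    ]


if __name__ == "__main__":
    for home in ("192.168.1.0/24", "192.168.0.0/24", "192.168.0.0/16"):
        overlaps = find_overlaps([home], [OFFICE_LAN])
        net, iface = pick_route(SERVER, client_routes(home))
        print(f"home={home:<15} overlaps={bool(overlaps)!s:<5} "
              f"{SERVER} -> {iface} via {net}")
```

When the home LAN is identical to the office LAN, the lookup resolves to the home interface and the ping never enters the tunnel; a wider home network such as a /16 still overlaps, but the more specific pushed /24 wins.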
