Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 643 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG450: Multiple SSL VPN to Single Firewall

Ben Sel

I have an existing xg450 firewall

It was already pre-configured for SSL / IPSec VPN connection for the "company users"

I want to create a SSL/IPSec client VPN connection to this firewall from a "non-company user"

         Using "different public IP address" and accessing only its DMZ network

         It is either the two, thru SSL or IPSec VPN connection

Company VPN User used "public IP address #1" and connected to LAN only

Non-Company VPN User must used separate "public IP address #2" and connected to DMZ only

How to do this? I tried several but the existing configuration was affected by the settings I made.



This thread was automatically locked due to age.
Parents
  • +1

    IPsec will not be possible. IPsec can only be bound to one IP.

    SSLVPN will open on all ports, therefore you can connect to all ports. You need to manually overwrite the "Override Hostname". in the OVPN. 

  • 0 in reply to LuCar Toni

    Hi LuCar,

    What if they say, they are already using all VPN connection such as the IPSec, SSL, and L2TP for their client vpn connection.

    Is there any other way that we can use for our connection for non-company user?

           Currently, all company user used IPSec, SSL and L2TP for client vpn

           We (Non-Company User) wants to use this also, connecting to DMZ network and not LAN network.

    Because when i tried changing for our use, i affects the current setup and all company users cannot the client vpn.

  • 0 in reply to Ben Sel

    You can use the Firewall rules to limit it. 

    Firewall rules can use the authentication and limit on groups/users the certain access to certain networks. 

Reply Children
No Data