I cannot reach a specific subnet when accessing via SSL/VPN remote access

In my firewall I have remote VPN access configured using SSL/VPN using the Sophos Connect client. The connection of remote users occurs without any problems and they can reach all networks and resources allowed in their particular groups which are in the 192.168.1.0/24 network.

The problem is that I have another subnet for the phones which works on the 192.168.5.0/24 subnet but cannot be reached by these users connecting remotely.

So far I have done the following:
1- Create the objects for this network in Host and services options
2- I allowed access in the Firewall rule on which remote access works
3- Create an Alias in the LAN interface with the address 192.168.5.200/24 to be able to communicate with the nodes that are in this subnet

And still I am not able to reach the telephone exchange that has the address 192.168.5.120 when connecting via SSL/VPN

NOTE: From the firewall I can successfully ping 192.168.5.120

What do you recommend?

SSL Range for remote user: 10.81.234.5-55

Main Subnets: 192.168.1.0/24

Secondary Subnet: 192.168.5.0/24

Alias Interface attached to LAN ZONE: 192.168.5.200



  • Hi, thanks for sharing the detailed information with us. After connecting with SSL VPN, if you check #route print on the end machine, is the 192.168.5.0 network route present or not? If yes, then ping any device on the 192.168.5.0 network from the machine which is connected over SSL VPN. During this ping you may capture tcpdump and drop packets on XG to confirm more. You may also check Packet capture in the GUI to see what is happening with the packets, along with the CLI tcpdump and drop-packet observations.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Hi Vishal, thanks for your response!

    As you can see after making the connection through SSL/VPN and printing the routes in the CMD I can see the routes to the subnet in question

    But I still can't reach it.

    If I look in the firewall logs and filter by source IP addresses, destination IP addresses and ICMP protocol I can even see that the PING arrives and is allowed by the Firewall rule X

    but from the remote machine I do not receive a response to said PING.

    It's super weird, I'm going to take screenshots to try to understand what's happening and I'll tell you about any news.

    Thanks in advance for all

  • Looks fine from the SFOS perspective.

    Check via Wireshark on the client behind Port3 whether it arrives or not.


  • I was checking, and it seems that the client 192.168.5.120 does not have a default gateway to respond to the ping request. I'm working on it.
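
The return-path problem identified in the last reply, as an added example that is not part of the original thread: a small route lookup showing why the host at 192.168.5.120 can answer the firewall's alias address but has nowhere to send replies to an SSL VPN client. Using the alias 192.168.5.200 as the gateway and treating the VPN range as 10.81.234.0/24 are assumptions made for illustration; `reply_next_hop` and `diagnose` are hypothetical helper names.

```python
import ipaddress

PBX = "192.168.5.120/24"          # phone exchange address from the thread
FIREWALL_ALIAS = "192.168.5.200"  # alias on the firewall LAN interface
VPN_CLIENT = "10.81.234.5"        # first address of the SSL VPN range


def reply_next_hop(src, iface_cidr, routes):
    """Return where a host would send its reply to `src`.

    iface_cidr: host address with prefix, e.g. "192.168.5.120/24".
    routes: list of (destination_cidr, gateway) static or default routes.
    Returns "on-link", a gateway address, or None when no route matches.
    """
    src_ip = ipaddress.ip_address(src)
    iface = ipaddress.ip_interface(iface_cidr)
    candidates = [(iface.network, "on-link")]
    for dest, gw in routes:
        # A gateway is only usable if it sits on the host's own subnet.
        if ipaddress.ip_address(gw) in iface.network:
            candidates.append((ipaddress.ip_network(dest), gw))
    matches = [(net.prefixlen, hop) for net, hop in candidates if src_ip in net]
    if not matches:
        return None  # reply is dropped on the host: no route back
    return max(matches, key=lambda m: m[0])[1]  # longest prefix wins


def diagnose(routes):
    """Compare the reply path for the firewall ping and the VPN client ping."""
    return {
        "firewall": reply_next_hop(FIREWALL_ALIAS, PBX, routes),
        "vpn_client": reply_next_hop(VPN_CLIENT, PBX, routes),
    }


if __name__ == "__main__":
    # Constructed routing tables for the three situations of interest.
    print("no gateway:      ", diagnose([]))
    print("default gateway: ", diagnose([("0.0.0.0/0", FIREWALL_ALIAS)]))
    print("static VPN route:", diagnose([("10.81.234.0/24", FIREWALL_ALIAS)]))
```

With an empty routing table the firewall's ping is answered on-link while the VPN client's echo request arrives (and is logged as allowed) but the reply has no route, which matches the symptoms described in the thread.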
