Remote access SSL VPN and same 192.168.1.x network on both ends? (XG 125)

Can I have a 192.168.1.x network at home and still use the SSL remote access VPN client to connect to my office work network that has the same 192.168.1.x?

I can connect but I cannot ping anything.



This thread was automatically locked due to age.
  • Hi,

    Not with a default configuration, no. There would be no destination for the traffic as it would be kept locally and wouldn't be routed.

    Here is how you'd do it (I have tested and verified this working on an SG firewall): https://community.sophos.com/kb/en-US/115579 

    Basically what the article has you do is to do two 1:1 maps, one for 'map source' and another for 'map destination'. From there we create a fake VPN with a fake network that doesn't exist, like 192.168.200.0/24, and on your other network, another fake LAN like 192.168.100.0/24. The rules say "From fake LAN A to fake LAN B, change to my real network" and vice versa. The article should show it.

    On the XG there's no 1:1 NAT, so we would do it differently. I would try:


    User/Network rule

    Match based on identity: OFF

    Source

    Zone: VPN

    Networks: (local LAN)

    Services: (whatever's applicable)
    Schedule: Whatever works for you.

    Destination

    Zone: VPN

    Networks: (your other side's fake LAN, like 192.168.100.0/24)

    Routing: Rewrite source address (Masquerading) ON

    Create a new IP network for your local fake LAN, like 192.168.200.0/24

    Then in VPN, your local networks and remote networks would both be your fake LANs.

    I can't bench this at present, but give it a try and see if it works for you.
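
The routing problem and the two 1:1 maps described in the reply above, as an added Python sketch that is not part of the original thread and is not Sophos configuration. The interface names, the host addresses and the tie-break in favour of the on-link route are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing, using the ranges named in the thread.
REAL_LAN = ipaddress.ip_network("192.168.1.0/24")       # same range at home and office
FAKE_OFFICE = ipaddress.ip_network("192.168.100.0/24")  # alias for the office LAN
FAKE_HOME = ipaddress.ip_network("192.168.200.0/24")    # alias for the home LAN
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def next_hop(dst, routes):
    """Longest-prefix match over (network, interface) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in routes if dst in net]
    # Assumption: on equal prefix length the first (on-link) route wins,
    # which models the "kept locally" behaviour the reply describes.
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def client_routes(vpn_net):
    """Home client's table: on-link LAN, the network the VPN offers, default."""
    return [(REAL_LAN, "eth0"), (vpn_net, "tun0"), (DEFAULT, "eth0")]


def netmap(addr, src_net, dst_net):
    """1:1 map: keep the host bits of addr, swap src_net's prefix for dst_net's."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)


def translate_in_transit(src, dst):
    """Apply both maps to a home-to-office packet: 'map source' presents the
    home host as FAKE_HOME, 'map destination' resolves the FAKE_OFFICE alias."""
    return (str(netmap(src, REAL_LAN, FAKE_HOME)),
            str(netmap(dst, FAKE_OFFICE, REAL_LAN)))


if __name__ == "__main__":
    # Overlap: the office host's address is on-link at home, so it never enters the tunnel.
    print("direct :", next_hop("192.168.1.10", client_routes(REAL_LAN)))
    # Alias: the fake office range only matches the VPN route.
    print("aliased:", next_hop("192.168.100.10", client_routes(FAKE_OFFICE)))
    print("packet :", translate_in_transit("192.168.1.25", "192.168.100.10"))
```
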
