Accessing VPN on separate appliance

I'm trying to access a VPN from a device on a different Sophos appliance than the VPN is connected to. Currently, I have a Sophos SG125 at Site A, and a datacenter with SG310 at Site B (all running v16 of XG software). The Site B location has a VPN tunnel to another site. Both Site B and Site A XGs have an interface on the same LAN, which is primarily hosted at Site B. I'd like to be able to access the VPN location on Site B from a different LAN at Site A than the shared LAN. The routes are in place on Site A and traffic makes it to Site B with no violations that I can see, but the traffic never seems to make it to the VPN machines and never seems to be able to leave the VPN to get to Site A. The VPN location is in Amazon Web Services. Any ideas, or is this not possible?

Thanks,

-Matt



  • Matt,

    Did you add the remote networks inside the site to site where the user is initiating the VPN connection?

    What happens from the user if you try a traceroute to the remote IP that needs to be accessed?

    Thanks

  • Yes, the remote networks are added to the site to site VPN connection. Both LANs at site A and B. And if you click the little information box next to the tunnel after it's connected, you can see a green light next to each network. If I attempt to tracert from Site A I get to the DG at Site A and then the DG at Site B that is on the LAN at Site B. If I tracert from a server in the VPN network it just times out typically.
