SSL VPN: I have no access to the computers on the internal network (LAN)

Hello, good morning. Once the connection is made with the Sophos SSL VPN client, I cannot see the computers on the LAN.

The VPN assigns me this range, 10.81.234.6; the LAN is in this range, 10.10.10.x.

I have created a VPN TO LAN rule on the firewall.

I don't know what else to do.

Thanks.



  • Hello, I have done what you proposed and it still does not work; I cannot see the computers that are on the internal network (LAN).

    What else can I try?

    Regards and thanks.

  • Hi Rafael,

    You may need to create two rules, LAN to VPN and VPN to LAN, with no NAT applied. Ensure that the packets are incoming on the XG appliance.

    On the console, you may check the dumps via the command

    Console> tcpdump 'net 10.81.234'

    Once you see the traffic, you may check if it's forwarded to your LAN network as desired.

    Also, if there is no incoming traffic, you may need to check the routes on your remote PC via the command "route print" in cmd when the SSL VPN is connected. This would let you know if the metric value of the desired route took place or not.

    If not you may need to check your system for this issue and may test on another remote PC.

  • Hello, nothing; I do not see the computers on the LAN. I need to get an IP from the LAN interface, since I have applications running on that network and I need them to communicate with each other. I see that the VPN gives you an IP in the range 10.81.234.x, but I need you to use the range 10.10.10.x, which is the one of my internal LAN.
    Greetings and thank you.

  • Hello, I attached a route print from the client PC with the VPN raised.

    Rutas activas:
    Destino de red Máscara de red Puerta de enlace Interfaz Métrica
    0.0.0.0 0.0.0.0 25.0.0.1 10 9256
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.235 35
    0.0.0.0 128.0.0.0 10.81.234.5 10.81.234.6 257
    10.81.234.0 255.255.255.0 En vínculo 10.81.234.6 257
    10.81.234.6 255.255.255.255 En vínculo 10.81.234.6 257
    10.81.234.255 255.255.255.255 En vínculo 10.81.234.6 257
    ip public 255.255.255.255 192.168.1.1 192.168.1.235 291
    127.0.0.0 255.0.0.0 En vínculo 127.0.0.1 331
    127.0.0.1 255.255.255.255 En vínculo 127.0.0.1 331
    127.255.255.255 255.255.255.255 En vínculo 127.0.0.1 331
    128.0.0.0 128.0.0.0 10.81.234.5 10.81.234.6 257
    192.168.1.0 255.255.255.0 En vínculo 192.168.1.235 291
    192.168.1.235 255.255.255.255 En vínculo 192.168.1.235 291
    192.168.1.255 255.255.255.255 En vínculo 192.168.1.235 291
    224.0.0.0 240.0.0.0 En vínculo 127.0.0.1 331
    224.0.0.0 240.0.0.0 En vínculo 192.168.1.235 291
    224.0.0.0 240.0.0.0 En vínculo 10 9256
    224.0.0.0 240.0.0.0 En vínculo 10.81.234.6 257
    255.255.255.255 255.255.255.255 En vínculo 127.0.0.1 331
    255.255.255.255 255.255.255.255 En vínculo 192.168.1.235 291
    255.255.255.255 255.255.255.255 En vínculo 10 9256
    255.255.255.255 255.255.255.255 En vínculo 10.81.234.6 257
    ===========================================================================
    Rutas persistentes:
    Dirección de red Máscara de red Dirección de puerta de enlace Métrica
    0.0.0.0 0.0.0.0 25.0.0.1 Predeterminada

  • Rafael,

    Send me a PM and I will have a look at your XG.

    Regards

  • Hello Iferrara, tell me what you need to look at my XG. I do not understand what PM means :)

    Thanks.

  • Hi Rafael,

    Sorry for the late response.

    Could you confirm the LAN address of your XG appliance? I would need to check the VPN router on your list.

    As an example, I have used the same SSL network as you, which is a default, the interface

    \Users\loginuser6>route print
    ===========================================================================
    Interface List
      7...00 0c 29 0d 29 78 ......
     18...00 ff e7 0b ed c1 ......Sophos SSL VPN Adapter
      1...........................Software Loopback Interface 1
      6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.10.1   192.168.20.128    281
              0.0.0.0          0.0.0.0     192.168.20.1   192.168.20.128    281
              0.0.0.0          0.0.0.0     192.168.30.1   192.168.20.128    281
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
         192.168.20.0    255.255.255.0         On-link    192.168.20.128    281
       192.168.20.128  255.255.255.255         On-link    192.168.20.128    281
       192.168.20.255  255.255.255.255         On-link    192.168.20.128    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
            224.0.0.0        240.0.0.0         On-link    192.168.20.128    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      255.255.255.255  255.255.255.255         On-link    192.168.20.128    281
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0     192.168.10.1  Default
              0.0.0.0          0.0.0.0     192.168.20.1  Default
              0.0.0.0          0.0.0.0     192.168.30.1  Default
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    331 ::1/128                  On-link
      7    281 fe80::/64                On-link
      7    281 fe80::615c:6688:a44a:e230/128
                                        On-link
      1    331 ff00::/8                 On-link
      7    281 ff00::/8                 On-link
    ====================================================

    After connection using the SSL VPN client.

    C:\Users\loginuser6>route print
    ===========================================================================
    Interface List
      7...00 0c 29 0d 29 78 ......
     18...00 ff e7 0b ed c1 ......Sophos SSL VPN Adapter
      1...........................Software Loopback Interface 1
      6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.10.1   192.168.20.128    281
              0.0.0.0          0.0.0.0     192.168.20.1   192.168.20.128    281
              0.0.0.0          0.0.0.0     192.168.30.1   192.168.20.128    281
          10.81.234.0    255.255.255.0         On-link       10.81.234.6    291
          10.81.234.6  255.255.255.255         On-link       10.81.234.6    291
        10.81.234.255  255.255.255.255         On-link       10.81.234.6    291
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
         192.168.10.0    255.255.255.0      10.81.234.5      10.81.234.6    291
         192.168.20.0    255.255.255.0         On-link    192.168.20.128    281
       192.168.20.128  255.255.255.255         On-link    192.168.20.128    281
       192.168.20.255  255.255.255.255         On-link    192.168.20.128    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
            224.0.0.0        240.0.0.0         On-link    192.168.20.128    281
            224.0.0.0        240.0.0.0         On-link       10.81.234.6    291
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      255.255.255.255  255.255.255.255         On-link    192.168.20.128    281
      255.255.255.255  255.255.255.255         On-link       10.81.234.6    291
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0     192.168.10.1  Default
              0.0.0.0          0.0.0.0     192.168.20.1  Default
              0.0.0.0          0.0.0.0     192.168.30.1  Default
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    331 ::1/128                  On-link
      7    281 fe80::/64                On-link
     18    291 fe80::/64                On-link
      7    281 fe80::615c:6688:a44a:e230/128
                                        On-link
     18    291 fe80::ac2e:57b8:4441:5837/128
                                        On-link
      1    331 ff00::/8                 On-link
      7    281 ff00::/8                 On-link
     18    291 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
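
The route check suggested in this thread, as an added example (not code from any poster or from Sophos): it parses the IPv4 rows of `route print` and applies longest-prefix matching to tell whether a LAN address would leave through the SSL VPN adapter. The sample tables are constructed from the addressing seen above and assume the English-locale column layout; the function names are hypothetical.

```python
import ipaddress

# Constructed sample rows in the layout of the IPv4 "Active Routes" table of
# `route print` (English locale), using the addressing seen in this thread.
FULL_TUNNEL = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.235     35
          0.0.0.0        128.0.0.0      10.81.234.5      10.81.234.6    257
        128.0.0.0        128.0.0.0      10.81.234.5      10.81.234.6    257
      10.81.234.0    255.255.255.0          On-link      10.81.234.6    257
      192.168.1.0    255.255.255.0          On-link    192.168.1.235    291
"""
SPLIT_TUNNEL = """\
          0.0.0.0          0.0.0.0     192.168.20.1   192.168.20.128    281
      10.81.234.0    255.255.255.0          On-link      10.81.234.6    291
     192.168.10.0    255.255.255.0      10.81.234.5      10.81.234.6    291
     192.168.20.0    255.255.255.0          On-link   192.168.20.128    281
"""

def parse_routes(text):
    """Parse 5-column route rows; skip headers, separators and malformed rows."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[4].isdigit():
            continue
        try:
            net = ipaddress.IPv4Network(f"{cols[0]}/{cols[1]}")
            iface = ipaddress.IPv4Address(cols[3])
        except ValueError:
            continue
        routes.append((net, cols[2], iface, int(cols[4])))
    return routes

def egress(routes, dest):
    """Return (gateway, interface) chosen by longest prefix, then lowest metric."""
    dest = ipaddress.IPv4Address(dest)
    hits = [r for r in routes if dest in r[0]]
    if not hits:
        return None
    net, gw, iface, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[3]))
    return gw, str(iface)

def uses_vpn(route_text, dest, vpn_pool="10.81.234.0/24"):
    """True if traffic to dest leaves through an interface in the VPN pool."""
    hit = egress(parse_routes(route_text), dest)
    return hit is not None and ipaddress.IPv4Address(hit[1]) in ipaddress.IPv4Network(vpn_pool)
```

A `True` result only shows that the client sends the traffic into the tunnel; whether the XG then forwards it to the LAN is what the tcpdump step earlier in the thread checks.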

  • Rafael

    added Port inside the allowed IP4 networks instead of IP range/network.

    All works now.