SOPHOS XG - SSL VPN no access across IPSEC tunnel

Chris,

if you have created the SSL VPN for your VPN Users, make sure on the SSL VPN you also add the remote network.

For the IPSEC tunnel, make sure to include the IP/Subnet used by the VPN SSL. Go to VPN > Show VPN Settings > SSL VPN and take note of the address pool used.

Regards

I have tried that and still nothing.

Head office

Branch Office

Chris,

go to VPN > Remote Access SSL > Permitted Network put the other VPN remote site.

Also create a VPN to VPN allow firewall rule.

Thanks

Already had the vpn remote site in the permitted network.

Firewall on head office (traffic is going over this now), but nothing is making it back

Branch office firewall

Chris,

check from Firewall logs if packets are blocked. For example try RDP or any other service.

Regards

Nothing is blocked  or appears to be dropped.  The firewall rule allows it, but nothing shows on the destination firewall.

Chris,

are you able from the SSL VPN client to ping any remote host?

If you issue a "traceroute x.x.x.x" command from the ssl vpn client, what is the result?

No can't ping anything over to the other site.

tracert looks to be going out of our gateway IP, then dies.

Any other suggestions?

so nobody can lend any other suggestion?

Chris,

send me a PM.

Regards

After spending an hour with Chris,

we discovered that the routing table on the Head Quarter missed the correct network.

Issuing the command

system ipsec_route add net 10.1.10.0/255.255.255.0 tunnelname Office_Tunnel1

fixed the issue.

It should be a bug because the GUI should fill the routing table.

After spending an hour with Chris,

we discovered that the routing table on the Head Quarter missed the correct network.

Issuing the command

system ipsec_route add net 10.1.10.0/255.255.255.0 tunnelname Office_Tunnel1

fixed the issue.

It should be a bug because the GUI should fill the routing table.

Yes this indeed fixed my issue.  Can't thank you enough.