
SOPHOS XG - SSL VPN no access across IPSEC tunnel

Have 2 sites connected with an IPSEC tunnel

192.168.1.0 - head office  (SSL VPN 10.81.234.0)

10.1.10.0 - branch office  (SSL VPN 10.81.235.0)

 

When a user connects via SSL VPN they can't communicate with the other site.  What do I have to add in order to accomplish this?  Please be specific, I'm a noobie on Sophos.  I've seen articles on this, but everything seems to relate to the UTM9, not the XG.

I've tried adding the ssl vpn network in the ipsec connection local sub, and the remote sub on the other side, but still didn't work.

 



  • It happened to me today. After following everything on the internet, this is what I did and it worked for me.

    1. Added the remote network to my SSL VPN permitted network resources.

    2. Using telnet to the XG firewall, going to option 4, added a static router as per the example at this link.

    https://community.sophos.com/kb/en-us/127761

    3. Added a firewall policy of VPN-VPN, selecting as source the address range of my SSL VPN (you can check it in "show vpn settings" in the VPN section) and as destination my remote network.

    4. When it still didn't work after following all of the above, the final thing I tried was a beautiful option that goes unnoticed in your IPsec configuration, which is "Network Address Translation (NAT)
    Subnets which can be selected here, must be first created under "Hosts and services" "

    That, plus adding my remote network to my SSL VPN configuration as well, and then installing the client and loading the configuration. Everything worked like a charm.
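The checks this thread turns on can be written as a small offline audit. This is an added example, not part of the original posts and not Sophos code. It models the SSL VPN permitted networks (step 1), the IPsec local/remote subnets on both ends, and the NAT alternative (step 4). The /24 masks, the dictionary layout and the translated address 192.168.1.250 are assumptions constructed for illustration. Steps 2 and 3 are not modeled.

```python
from ipaddress import ip_network as net

def covered(n, subnets):
    """True if network n lies entirely inside one of the given subnets."""
    return any(n.subnet_of(s) for s in subnets)

def audit(site, peer):
    """Return reasons SSL VPN clients at `site` cannot reach `peer`'s LAN."""
    problems = []
    # Step 1 of the answer: the SSL VPN policy must offer clients the remote LAN.
    if not covered(peer["lan"], site["permitted"]):
        problems.append("remote LAN not in SSL VPN permitted networks")
    # Source as the tunnel sees it: the pool, or its NAT translation if set.
    src = site["pool"] if site.get("nat_to") is None else site["nat_to"]
    # The tunnel only carries traffic matching a local/remote subnet pair.
    if not (covered(src, site["local"]) and covered(peer["lan"], site["remote"])):
        problems.append(f"{src} -> {peer['lan']} matches no subnet pair at {site['name']}")
    # Replies need the mirrored pair on the peer, or they never enter the tunnel.
    if not (covered(peer["lan"], peer["local"]) and covered(src, peer["remote"])):
        problems.append(f"{peer['lan']} -> {src} matches no subnet pair at {peer['name']}")
    return problems

# Constructed sample data: networks from the question, /24 masks assumed.
HO_LAN, HO_POOL = net("192.168.1.0/24"), net("10.81.234.0/24")
BR_LAN = net("10.1.10.0/24")

def head_office(local, permitted, nat_to=None):
    return {"name": "head office", "lan": HO_LAN, "pool": HO_POOL,
            "local": local, "remote": [BR_LAN],
            "permitted": permitted, "nat_to": nat_to}

def branch(remote):
    return {"name": "branch office", "lan": BR_LAN,
            "local": [BR_LAN], "remote": remote}

def scenarios():
    """Audit results for three head-office configurations."""
    return {
        # LAN-only subnets in the tunnel; SSL VPN policy offers only the local LAN.
        "lan_only": audit(head_office([HO_LAN], [HO_LAN]), branch([HO_LAN])),
        # Pool added to both ends of the tunnel and remote LAN permitted.
        "pool_in_tunnel": audit(head_office([HO_LAN, HO_POOL], [HO_LAN, BR_LAN]),
                                branch([HO_LAN, HO_POOL])),
        # Tunnel subnets untouched; pool translated to a constructed LAN address.
        "pool_natted": audit(head_office([HO_LAN], [HO_LAN, BR_LAN],
                                         nat_to=net("192.168.1.250/32")),
                             branch([HO_LAN])),
    }

if __name__ == "__main__":
    for name, problems in scenarios().items():
        print(name, problems or "ok")
```

An empty result means only that the addressing is consistent; the VPN-to-VPN firewall policy from step 3 still has to permit the traffic.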
