Configuration problem remote access to two networks

Question

Hello 
 I run a UTM 9 and everything works quite well. But I have a question about a remote access configuration to two different networks over the same remote access connection. 
 Right now, I have a remote connection to the internal network (A) let&rsquo;s say 192.168.23.0/24. This is accessible via the Sophos VPN Client and I can connect to the terminal server. 
 I also have a IPSEC connection to an external network (B) let&rsquo;s say 10.10.100.0/24. The PC&rsquo;s and Servers in B are member of the domain network of A and I can ping and RDP them from A. 
 My goal is to be able to have a remote connection to B as well and can RDP to a server in A and in B. 
 Sorry German speaker 
 Can somebody help?

apijnappels · Answer

The easiest solution is to make sure that network B is also inside the Remote client VPN networks so the VPN client knows to send the traffic to the UTM. 
 Also in the IPSEC tunnel between A and B the IP-network from the Remote VPN clients should be listed so site B knows to send traffic for your remote ssl clients to site A over the IPSEC connection. 
 If that is not possible than you can only create an SNAT rule in site A firewall. You must still make sure that site B's network is inside the remote VPN profile and you can create a SNAT rule: 
 Traffic from: Remote VPN Network Pool Going to: Site B subnet Change Source to: Internal (Address) 
 Also make sure to tick ' Rule applies to IPsec packets' under advanced with the NAT rule . 
 That way you the firewall will change the source address from your remote VPN-users to be not 10.242.x.y but 192.168.23.x and that will travel to the firewall.

Heinz Fischer · Answer

Thanks a lot this helped me a lot. Towgether with community.sophos.com/.../utm9-vpn-client-verbindung-mit-mehreren-netzwerken 
 So connection is established. Only I get a dark screnn :_) But this is another issues now

Configuration problem remote access to two networks

Top Replies