
Routing SSL VPN -> Site to Site IPSec

Hello everyone,

I have the following scenario:

SSL VPN client PC (10.242.2.0/24)

UTM 1 (192.168.100.0/24)

UTM 2 (192.168.178.0/24)

The UTMs are connected to each other via a site-to-site IPsec connection.

The SSL VPN client dials in to UTM 1 and should get access to the networks of both UTM 1 and UTM 2.

From the network (192.168.100.0/24) one can access the network of UTM 2 (192.168.178.0/24).

When connected via SSL VPN, this does not work.

I have already tried to add a static route, unfortunately without success.

Maybe one of you can help me.

Greetings from Frankfurt am Main

Marvin



This thread was automatically locked due to age.
  • My German is not that good, so I hope you can follow it in English.

    You need to have the SSL subnet 10.242.2.0/24 inside the VPN local subnets on UTM1 and as a remote subnet on UTM2. Also, on UTM2 make sure there is not an SSL VPN subnet that is exactly the same (which by default will be the case, so it needs to be changed to something different than 10.242.2.0/24).

    Then make sure that in your SSL config also the subnet for UTM2 (192.168.178.0/24) is included.

    If you have auto firewall rules on both site-2-site and remote SSL then that should pretty much be all, if not you'll need to create manual firewall rules allowing traffic from the SSL VPN to the UTM2 network (this needs to be allowed on both UTMs!).

    Another possibility could be to use SNAT: create a SNAT rule on UTM1 that changes the source from the SSL remote client(s) to an internal UTM1 address when traffic from Remote SSL is going to the subnet of UTM2. In that case you will also need to adjust your Remote SSL to include the subnet from UTM2.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
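The reply above lists five things that must line up (client route, IPsec selectors on both ends, a non-overlapping SSL pool on UTM2, firewall rules on both boxes) and an SNAT alternative. The following is an added example, not code from the thread or from Sophos: a small Python model of that path that takes both UTMs' configuration and reports which of those conditions a packet from an SSL client to a host behind UTM2 would fail. The `Utm`/`SnatRule` classes, the client address 10.242.2.10, the target 192.168.178.20, the replacement pool 10.242.3.0/24 and the SNAT address 192.168.100.1 are constructed for the example; the subnets are the ones from the post. It assumes, as on a netfilter-based box, that the firewall sees the pre-SNAT source and the IPsec policy sees the post-SNAT source.

```python
"""Model of the SSL VPN -> site-to-site IPsec path described in the thread.

Added example, not Sophos code. Names, the sample client/target addresses,
the 10.242.3.0/24 replacement pool and 192.168.100.1 SNAT address are
constructed for illustration; the subnets are those from the post.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

Pair = Tuple[IPv4Network, IPv4Network]  # (local net, remote net) of one IPsec policy


@dataclass
class SnatRule:
    src: IPv4Network          # match on original source
    dst: IPv4Network          # match on destination
    new_src: IPv4Address      # source after translation


@dataclass
class Utm:
    name: str
    ipsec_local: List[IPv4Network]      # site-to-site "Local networks"
    ipsec_remote: List[IPv4Network]     # site-to-site "Remote networks"
    ssl_pool: Optional[IPv4Network]     # SSL VPN client pool, None if SSL VPN is off
    ssl_pushed: List[IPv4Network] = field(default_factory=list)  # nets pushed to SSL clients
    fw_allow: List[Pair] = field(default_factory=list)           # allow rules as (src, dst)
    snat: List[SnatRule] = field(default_factory=list)


def ipsec_selectors(utm: Utm) -> List[Pair]:
    """One policy is built per (local, remote) combination of the tunnel."""
    return [(loc, rem) for loc in utm.ipsec_local for rem in utm.ipsec_remote]


def apply_snat(utm: Utm, src: IPv4Address, dst: IPv4Address) -> IPv4Address:
    for rule in utm.snat:
        if src in rule.src and dst in rule.dst:
            return rule.new_src
    return src


def fw_allows(utm: Utm, src: IPv4Address, dst: IPv4Address) -> bool:
    return any(src in s and dst in d for s, d in utm.fw_allow)


def check_path(utm1: Utm, utm2: Utm, client: IPv4Address, target: IPv4Address) -> List[str]:
    """Return the list of reasons a packet client -> target would not get through.

    Empty list means the configuration is consistent. Order follows the packet.
    """
    findings: List[str] = []
    # 1. Split tunnel: the client only routes networks UTM1 pushes to it.
    if not any(target in n for n in utm1.ssl_pushed):
        findings.append(f"{utm1.name}: {target} not in SSL VPN local networks, client has no route")
    # 2. Firewall on UTM1 sees the original source (assumption: SNAT happens after filtering).
    if not fw_allows(utm1, client, target):
        findings.append(f"{utm1.name}: firewall does not allow {client} -> {target}")
    src = apply_snat(utm1, client, target)
    # 3. UTM1 only encrypts traffic that matches a (local, remote) selector.
    if not any(src in loc and target in rem for loc, rem in ipsec_selectors(utm1)):
        findings.append(f"{utm1.name}: no IPsec policy covers {src} -> {target}")
    # 4. UTM2 needs the mirrored selector, otherwise it drops the inbound packet.
    if not any(target in loc and src in rem for loc, rem in ipsec_selectors(utm2)):
        findings.append(f"{utm2.name}: no IPsec policy covers {src} as remote network")
    # 5. If UTM2's own SSL pool contains the source, the reply is routed to its
    #    local SSL VPN interface instead of back into the tunnel.
    if utm2.ssl_pool is not None and src in utm2.ssl_pool:
        findings.append(f"{utm2.name}: own SSL VPN pool {utm2.ssl_pool} overlaps source {src}")
    # 6. Firewall on UTM2 sees whatever source arrived through the tunnel.
    if not fw_allows(utm2, src, target):
        findings.append(f"{utm2.name}: firewall does not allow {src} -> {target}")
    return findings


UTM1_LAN = ip_network("192.168.100.0/24")
UTM2_LAN = ip_network("192.168.178.0/24")
SSL_POOL = ip_network("10.242.2.0/24")    # default pool, present on both boxes
CLIENT = ip_address("10.242.2.10")        # constructed
TARGET = ip_address("192.168.178.20")     # constructed


def scenario_as_posted() -> List[str]:
    """Both UTMs with defaults: tunnel only carries the two LANs."""
    utm1 = Utm("UTM1", [UTM1_LAN], [UTM2_LAN], SSL_POOL, ssl_pushed=[UTM1_LAN],
               fw_allow=[(UTM1_LAN, UTM2_LAN), (SSL_POOL, UTM1_LAN)])
    utm2 = Utm("UTM2", [UTM2_LAN], [UTM1_LAN], SSL_POOL, fw_allow=[(UTM1_LAN, UTM2_LAN)])
    return check_path(utm1, utm2, CLIENT, TARGET)


def scenario_pool_in_tunnel() -> List[str]:
    """Fix from the reply: pool added to the tunnel on both ends, UTM2 pool changed."""
    utm1 = Utm("UTM1", [UTM1_LAN, SSL_POOL], [UTM2_LAN], SSL_POOL,
               ssl_pushed=[UTM1_LAN, UTM2_LAN],
               fw_allow=[(UTM1_LAN, UTM2_LAN), (SSL_POOL, UTM1_LAN), (SSL_POOL, UTM2_LAN)])
    utm2 = Utm("UTM2", [UTM2_LAN], [UTM1_LAN, SSL_POOL], ip_network("10.242.3.0/24"),
               fw_allow=[(UTM1_LAN, UTM2_LAN), (SSL_POOL, UTM2_LAN)])
    return check_path(utm1, utm2, CLIENT, TARGET)


def scenario_snat() -> List[str]:
    """Alternative from the reply: SNAT clients to a UTM1 LAN address, tunnel untouched."""
    utm1 = Utm("UTM1", [UTM1_LAN], [UTM2_LAN], SSL_POOL,
               ssl_pushed=[UTM1_LAN, UTM2_LAN],
               fw_allow=[(UTM1_LAN, UTM2_LAN), (SSL_POOL, UTM1_LAN), (SSL_POOL, UTM2_LAN)],
               snat=[SnatRule(SSL_POOL, UTM2_LAN, ip_address("192.168.100.1"))])
    utm2 = Utm("UTM2", [UTM2_LAN], [UTM1_LAN], SSL_POOL, fw_allow=[(UTM1_LAN, UTM2_LAN)])
    return check_path(utm1, utm2, CLIENT, TARGET)


if __name__ == "__main__":
    for name, fn in (("as posted", scenario_as_posted),
                     ("pool in tunnel", scenario_pool_in_tunnel),
                     ("snat", scenario_snat)):
        print(f"[{name}]", fn() or ["ok"])
```

Running it prints six findings for the configuration as posted (no client route, no selector on either end, overlapping pool on UTM2, missing firewall rules on both) and none for either fix. Note that the SNAT variant leaves UTM2's default pool in place: the overlap only matters when the client's real address crosses the tunnel, which is the point of translating it.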

