Dynamic DNS works, can't access User Portal or VPN anymore

Hello everyone, I have been running Sophos UTM 9 for quite a while now. I used it as a router for my home network with a very simple configuration:

ISP router-->Sophos UTM9--> Switch-->Local network 

IP addresses on the ISP router network are 192.168.0.x

IP addresses on the local network are 192.168.1.x

I have a VPN connection and a dynamic DNS set up on the Sophos so that I can remotely access my FreeNAS server and some other stuff from my home network.

Everything had been working great until a few weeks ago, when I moved out to another flat with a different ISP (at least I think that's the reason). Same network configuration, same servers, but I'm no longer able to access the User Portal or connect via VPN to my local network from remote.

I can still access the User Portal and the admin panel from my local network, everything else seems to be working fine, and I know the DDNS is working fine too.

 

Does anyone have a clue where I should start fixing this problem?

 



This thread was automatically locked due to age.
  • Hi Andrea,

    Is the User Portal configured on a custom port? Make sure that in the Management > User Portal > Allowed Networks tab, the VPN pool is added. Also, any help after doing an ON and OFF in the User Portal global settings?

    Thanks

  • User portal Settings:

    Allowed Networks: Any

    Allow all users is checked

    network settings

    hostname: My ddns address

    listen address: any

    port 443

  • Hi Andrea,

    Take a TCP dump and check if you receive traffic on port 443, and verify if there is any DNAT that has the 443 service mapped to a particular IP address; if yes, remove the DNAT policy, as mapping port 443 to another IP will conflict with the User Portal.

    DM me your public IP on UTM, I will try to access the User portal.

    Thanks

  • Okay, let's see if I get this right.

    I'm configured in a cascading router scenario:

    INTERNET-->R1(ISP)-->R2(sophos)-->LAN

    So for everything to work I should forward ports from R1 to R2,

    and for that I enabled the DMZ on 192.168.0.2, which is the Sophos WAN address. That should open all the ports on that IP, am I correct?

    So after that I should have my Sophos UTM 9 dealing with protection and ports, right?

     

    Now, will I have to create NAT rules on the Sophos to get the VPN working from outside and get the access to the User Portal back? If so, which ports and what services?

    I just don't understand why everything just worked with the previous ISP...

  • Hi,

    You should not have a DNAT policy that maps 443 on another IP address. I think my answer was unclear. I will edit it.

    Thanks

  • OK, I didn't have any DNAT set on the Sophos. I just added one rule, but I will delete it as soon as I get home.

     

    I did one test earlier: plugged my laptop into the ISP router and did a port test on 443, and it wasn't open.

     

    Did the same test on the Sophos and got the same result.

    I will send you my User Portal link when I get home. I have got this feeling the problem is port forwarding between the routers.

     

    Thanks a lot for helping anyway.
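
Added example, not part of the original thread and not Sophos code: one way to read the TCP dump suggested above so that a forwarding problem on the ISP router can be told apart from a problem on the UTM. It assumes the capture is text output of `tcpdump -nn` taken on the UTM's WAN interface (192.168.0.2 in this thread) while port 443 is tested from outside; the function name and the sample lines are constructed for illustration.

```python
import re

# Default `tcpdump -nn` text format for TCP over IPv4, e.g.
# 12:00:01.000001 IP 203.0.113.7.50522 > 192.168.0.2.443: Flags [S], seq 100, ...
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample captures (documentation addresses, not real traffic).
SILENT = (
    "12:00:01.000001 IP 203.0.113.7.50522 > 192.168.0.2.443: Flags [S], seq 100, win 64240, length 0\n"
    "12:00:02.000301 IP 203.0.113.7.50522 > 192.168.0.2.443: Flags [S], seq 100, win 64240, length 0\n"
)
ANSWERED = SILENT + (
    "12:00:02.000350 IP 192.168.0.2.443 > 203.0.113.7.50522: Flags [S.], seq 900, ack 101, win 65160, length 0\n"
)
UNRELATED = "12:00:01.000001 IP 192.168.0.2.40000 > 198.51.100.53.53: Flags [S], seq 1, win 64240, length 0\n"


def diagnose(capture: str, wan_ip: str, port: int = 443) -> str:
    """Classify a WAN-side capture taken during an outside connection test."""
    syn_in = synack_out = rst_out = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ARP, UDP, IPv6 and other lines are ignored
        flags = m["flags"]
        inbound = m["dst"] == wan_ip and int(m["dport"]) == port
        outbound = m["src"] == wan_ip and int(m["sport"]) == port
        if inbound and flags == "S":
            syn_in += 1
        elif outbound and flags == "S.":
            synack_out += 1
        elif outbound and "R" in flags:
            rst_out += 1
    if syn_in == 0:
        return "no SYN reached the UTM: check forwarding on the upstream router"
    if synack_out:
        return "UTM answered the SYN: the port is reachable at this hop"
    if rst_out:
        return "UTM sent a reset: the port is closed or rejected at the UTM"
    return "SYN arrived but got no reply: check UTM packet filter and DNAT rules"
```
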
