Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 2528 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Access via IPSec VPN

buette
Hello 

i have a little problem with my astaro. may be i forgot something to configure.
i have a router wich is connected to the internet. 2 notebooks are directly connected to the router via lan and my astaro. i call this network "dmz" (192.168.200.0). behind the astaro is the "green" lan (192.168.0.0). 
everthing looks fine except the remote access via vpn. when i use one of the notebooks from my dmz the vpn works. when i try to connect from the internet i got a timeout because no response of the gateway.error 4021
The VPN site2site connection with a friend is working.
have anybody some ideas to solve my problem?
thank you


This thread was automatically locked due to age.
  • 0
    Which remote access VPN are you using?  I suspect the fact that you're double-natting your internet connection is the root of your problem... Why not eliminate the router so you can put your public IP on the Astaro?
    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    can you say your router, that all ports should be forwarded to the astaro?
    something like "DMZ" or so
  • 0
    I hope someone who knows this better than I can chime in...  I think the issue is that IPsec is not happy with having an IP address that's different from what it expects, so I think that port-forwarding also does not resolve his issue.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    hello
    strange, yesterday i wrote an answer but now i cant see.
    i am using ipsec vpn and cant replace the router with the astaro (vm app+isp).
    The router who makes the internet connection is only forwarding the following ports: 500udp, 4500udp, 50tcp, 51tcp, 1701udp, 1723tcp.

    may be i am to stupid [:S]
  • 0 in reply to buette
    Have tested the ssl vpn connection with a notebook and umts card. Everthing works. But no ipsec.
  • 0
    If it works with SSL, then I think that proves you are doing everything correctly with IPsec, but you are limited by double-NAT.

    Perhaps you can put your router into bridging mode.  I'll PM a suggestion.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    dont know what i have changed, the secure client tells me now that he could establish a connection to my astaro.But just reaching the green lan interface of my astaro.
Cookie Information Banner