Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2607 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ssl vpn unable to see all network devices

manf0001
Hi all I have the latest Sophos utm version   I've enabled ssl VPN and can connect fine

I can ping other devices such as my servers while connected to the VPN. However there are some other routers and switches that I am unable to ping their address or connect to while I'm in the Vpn session

If I try to ping I get a timed out error.   The only way I can access it is if I rdp into the server or another machine I have access to then I can view that device 

TIA


This thread was automatically locked due to age.
  • 0
    Hi, these devices may be missing a gateway address.

    Barry
  • 0 in reply to BarryG
    Hi, these devices may be missing a gateway address.

    ...or a proper route to the SSL VPN network.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to scorpionking

    ...or a proper route to the SSL VPN network.


    How would I ensure they have a proper route to the VPN network?
  • 0 in reply to manf0001
    By tracerouting or pinging a connected SSL VPN client from these hosts.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0
    Yep it's because there is no default gateway in the device.  Unfortunately one of my routers that I'm using as a switch does not have an option to enter in a default gateway address
  • 0
    Hi,
    Then your choices are:

    1. only admin the switch, etc. from the same LAN
    OR
    2. create an SNAT or a Full NAT for the traffic from your VPN to your devices.
    Note that it is easy to mess this up and break access to WebAdmin, etc. on the firewall, so I don't recommend it unless you understand what you are doing.

    I may be able to provide examples if needed; I used to do this to admin my old WiFi router; I'm not sure if I still have the NAT settings in the firewall.

    Barry
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML