This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN and multiple Subnets

Hi everyone,

Using Sophos UTM9 with Amazon Web Services. I have a VPC with subnets 10.0.0.0/24, 10.0.1.0/24 and so until 10.0.15.0/24.

The different subnets are routable between themselves, so for example a host in 10.0.1.0/24 can talk to a node in 10.0.3.0/24.

My VPN Pool is the default 10.242.2.0/24.

My Sophos instance is in the 10.0.0.0/24 network. My vpn clients can ping and do everything I need to do to all hosts in the 10.0.0.0/24 subnet (also configured the VPC Security groups and etc), but cannot talk to any of the nodes in other subnets.

I'm thinking I have to create multiple elastic network interaces, one in each subnet, and connect it to the Sophos instance and just repeat my steps. Has anyone tried this type of solution or have any other ideas?

Thanks a lot!

Tony

This thread was automatically locked due to age.

0 monstaloc over 11 years ago

Looks like you cannot connect multiple ENIs in different subnets to a node that is not in the same subnet.

Apparently I was over thinking things when playing with static routes, and masquerading because none of that was needed. All I had to was setup multiple network definitions, and add them to the SSL VPN LOCAL NETWORKs list.

You definitely need to setup a route to the SSL VPN pool in AWS so your internal instances know how to reach back to the VPN clients.

Maybe I was pinging the wrong address or something. Either way, responding so people can see a solution.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Yes, or just use 10.0.0.0/20.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

SSL VPN and multiple Subnets

Submitted a Tech Support Case lately from the Support Portal?