only gateway can access thru sslvpn

Hi Expert,

I have successfully built an SSL VPN between 2 Sophos UTM9s;
the rules are as below:

firewall 1 is the server and firewall 2 is the client;
firewall 1 to firewall 2:
[screenshot: fw1tofw2.jpg]
firewall 2 to firewall 1:
[screenshot: fw2tofw1.jpg]

I have assigned 192.168.81.6 for "Use static virtual IP address" at firewall 1.
I can log in to firewall 2's Sophos, i.e. https://192.168.11.26:4444,
and the network behind firewall 2 can ping the firewall 1 gateway, i.e. ping 192.168.81.6.

The problem is:
the network behind firewall 2 can only ping the firewall 1 gateway but cannot ping (or RTP) any computer behind firewall 1, i.e. 192.168.81.88.

Have I missed something important?
Thanks for the advice,
Jessie


This thread was automatically locked due to age.
  • Please show us screenshots of the SSL VPN configs on both firewalls, so it's easier to see errors.

    Also: Do you have "Automatic Firewall rules" checked on both sites? There seems to be something wrong because the remote network of site 2 is 192.168.11.26/32, so please check the local and remote network settings on both SSL VPN configs.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)


    Like scorpionking says, you have a remote network of 192.168.11.26/32.
    That's only a single IP address, and I guess the IP of your fw, since that is the only host able to access the other side.
    If your firewall has 192.168.11.26 with a /24 (255.255.255.0) subnet, you should add 192.168.11.0/24 at both firewalls.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
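The two replies above both come down to the same check: a site-to-site SSL VPN only carries traffic for the networks declared as "local" and "remote" on each end, so a /32 covers the firewall itself and nothing behind it. The script below is an added example (not from the thread, and not a Sophos API) that models the two site configs as plain dicts and reports which far-side hosts are left without a tunnel route, plus any mismatch between one side's local networks and the other side's remote networks. The addresses 192.168.81.88 and 192.168.11.26 are from the post; 192.168.11.50 is a constructed workstation behind firewall 2.

```python
from ipaddress import ip_address, ip_network

# Constructed site definitions (not exported from a UTM). The /32 is the
# value the thread found wrong; the /24 is the fix both replies suggested.
MISCONFIGURED = {
    "fw1": {"local": ["192.168.81.0/24"], "remote": ["192.168.11.26/32"]},
    "fw2": {"local": ["192.168.11.26/32"], "remote": ["192.168.81.0/24"]},
}
FIXED = {
    "fw1": {"local": ["192.168.81.0/24"], "remote": ["192.168.11.0/24"]},
    "fw2": {"local": ["192.168.11.0/24"], "remote": ["192.168.81.0/24"]},
}

# Hosts that must be reachable through the tunnel. 192.168.81.88 is from the
# thread; 192.168.11.50 is a constructed workstation behind firewall 2.
HOSTS_BEHIND_FW1 = ["192.168.81.88"]
HOSTS_BEHIND_FW2 = ["192.168.11.26", "192.168.11.50"]


def covered(host, networks):
    """True if host falls inside at least one of the declared networks."""
    addr = ip_address(host)
    return any(addr in ip_network(n, strict=False) for n in networks)


def unrouted_hosts(site, far_hosts):
    """Far-side hosts that `site` has no tunnel route for.

    Packets for these hosts follow the default route instead of the SSL VPN,
    and replies to them never enter the tunnel, so pings from them fail even
    when the firewall's own address answers."""
    return [h for h in far_hosts if not covered(h, site["remote"])]


def mismatches(fw1, fw2):
    """Site-to-site needs fw1.local == fw2.remote and fw1.remote == fw2.local."""
    def nets(values):
        return {ip_network(n, strict=False) for n in values}

    problems = []
    if nets(fw1["local"]) != nets(fw2["remote"]):
        problems.append("fw1 local != fw2 remote")
    if nets(fw1["remote"]) != nets(fw2["local"]):
        problems.append("fw1 remote != fw2 local")
    return problems


def diagnose(sites, hosts_behind_fw1, hosts_behind_fw2):
    """Summarise what each side cannot reach and whether the configs agree."""
    fw1, fw2 = sites["fw1"], sites["fw2"]
    return {
        "fw1_cannot_reach": unrouted_hosts(fw1, hosts_behind_fw2),
        "fw2_cannot_reach": unrouted_hosts(fw2, hosts_behind_fw1),
        "mismatches": mismatches(fw1, fw2),
    }


if __name__ == "__main__":
    for name, sites in (("misconfigured", MISCONFIGURED), ("fixed", FIXED)):
        print(name, diagnose(sites, HOSTS_BEHIND_FW1, HOSTS_BEHIND_FW2))
```

With the /32 in place the report shows firewall 1 has no route for 192.168.11.50 while 192.168.11.26 (the firewall itself) is covered, which matches the symptom in the post; with /24 on both sides every host is covered and the two configs mirror each other.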

    Dear scorpionking, apijnappels,

    Thanks for your advice, my SSL VPN works great after changing the network to 192.168.11.0/24.

    One more question: how can I force the client side of the SSL VPN to use the server side's DNS server?

    Many thanks,
    Jessie.