Confusing ping from VPN SSL to lan

Hello,
We have two Astaro UTM 9 ASG 220. There is a site-to-site VPN over IPsec.
The VPN works correctly: our LAN (192.168.100.X) sees the distant LAN (172.20.100.X).
For users I use remote access via SSL and IPsec (10.242.2.0/24 and 10.242.4.0).
These VPN networks see my LAN on my side (192.168.100.X), but they are not able to ping the other side or use any program that connects to the other side (172.20.100.X).
I already tried disabling and re-enabling automatic firewall rules, without effect.
I also tried adding to SSL Local networks: any network, our network and the destination network, still without effect.

I tried to create the firewall rules (see attachment) but it does not work.
Thank you for your help.


  • The remote VPN pools need to be specified in your local site-to-site connection under local networks.
    On the remote side of the site-to-site connection these pools need to be specified as remote.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hello, thank you for the reply,
    You mean put the local ssl-vpn-pool or ipsec-vpn-pool into the IPsec site-to-site VPN local networks on both sides, see attachment.

    2. Do I also have to add this remote network to Remote access/SSL/Local networks? See attachment of the local SSL VPN.
    If I do not tick Automatic firewall rules, I presume I have to specify all firewall rules manually and add here, under local networks, the networks to which I want access.
  • Correct, except that your VPN pool has to be specified as Remote networks on the other side of the site-to-site connection, just as you put your Internal network as remote at the other side.
    If you tick Any, you will basically send all traffic over the tunnel to the other side. You may not want this!
    If you use automatic firewall rules then indeed you don't have to specify them yourself. But remember that with automatic rules all specified networks in the tunnel will be allowed all traffic to all networks. If you need to specify, e.g., which remote network will be allowed to reach only your DMZ and which will be allowed to reach your LAN, then you can't use automatic firewall rules and have to set them up yourself.
    Also, using automatic fw rules, traffic is allowed in both directions. Usually this is fine, but if you don't want that you also have to specify the rules yourself.

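The answer above describes two conditions that both have to hold before a remote-access client can reach the far LAN: the VPN pool must be listed in the tunnel's local networks on this side and mirrored as a remote network on the other side, and a firewall rule must permit the traffic. The following script is an added example, not code from the thread or from Sophos; it models those conditions on the thread's own addresses (192.168.100.0/24, 172.20.100.0/24, 10.242.2.0/24, 10.242.4.0/24) so you can see exactly which check fails before and after the pools are added. The `Site` class and the `automatic_rules` helper are assumptions that imitate the UTM behaviour described in the post, not a Sophos API.

```python
import ipaddress
from dataclasses import dataclass

Net = ipaddress.IPv4Network


@dataclass
class Site:
    """One end of a site-to-site IPsec tunnel (assumed model, not a Sophos API)."""
    name: str
    local_networks: list   # networks this side announces into the tunnel
    remote_networks: list  # networks this side expects to reach through the tunnel
    firewall_rules: list   # (src_net, dst_net, "allow"|"drop"); first match wins


def automatic_rules(site):
    """Imitate UTM 'automatic firewall rules': every local/remote pair, both directions."""
    rules = []
    for lnet in site.local_networks:
        for rnet in site.remote_networks:
            rules.append((lnet, rnet, "allow"))
            rules.append((rnet, lnet, "allow"))
    return rules


def _in_any(ip, nets):
    return any(ip in n for n in nets)


def firewall_allows(rules, src_ip, dst_ip):
    """First matching rule decides; no match means the default drop."""
    for src_net, dst_net, action in rules:
        if src_ip in src_net and dst_ip in dst_net:
            return action == "allow"
    return False


def check_path(origin, far, src, dst):
    """Return the reasons a packet src -> dst would NOT cross the tunnel from
    `origin` to `far`. An empty list means the far side is reachable."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    problems = []
    # Tunnel selectors on the originating side
    if not _in_any(src, origin.local_networks):
        problems.append(f"{src} is not in {origin.name} local networks of the tunnel")
    if not _in_any(dst, origin.remote_networks):
        problems.append(f"{dst} is not in {origin.name} remote networks of the tunnel")
    # Selectors must be mirrored on the far side
    if not _in_any(src, far.remote_networks):
        problems.append(f"{src} is not in {far.name} remote networks (not mirrored)")
    if not _in_any(dst, far.local_networks):
        problems.append(f"{dst} is not in {far.name} local networks (not mirrored)")
    # Firewall on both ends must permit the flow
    if not firewall_allows(origin.firewall_rules, src, dst):
        problems.append(f"{origin.name} firewall does not allow {src} -> {dst}")
    if not firewall_allows(far.firewall_rules, src, dst):
        problems.append(f"{far.name} firewall does not allow {src} -> {dst}")
    return problems


# Addresses from the thread; "HQ" and "Remote" are labels chosen for this example.
LAN_HQ = Net("192.168.100.0/24")
LAN_REMOTE = Net("172.20.100.0/24")
SSL_POOL = Net("10.242.2.0/24")
IPSEC_POOL = Net("10.242.4.0/24")


def build_sites(include_pools):
    """Build both tunnel ends; with include_pools=True the remote-access pools are
    added to HQ's local networks and mirrored into Remote's remote networks."""
    hq_local = [LAN_HQ] + ([SSL_POOL, IPSEC_POOL] if include_pools else [])
    hq = Site("HQ", hq_local, [LAN_REMOTE], [])
    remote = Site("Remote", [LAN_REMOTE], list(hq_local), [])
    hq.firewall_rules = automatic_rules(hq)
    remote.firewall_rules = automatic_rules(remote)
    return hq, remote


if __name__ == "__main__":
    for with_pools in (False, True):
        hq, remote = build_sites(with_pools)
        print(f"pools in tunnel: {with_pools}")
        for src, dst in (("192.168.100.20", "172.20.100.5"), ("10.242.2.10", "172.20.100.5")):
            issues = check_path(hq, remote, src, dst)
            print(f"  {src} -> {dst}: {'OK' if not issues else issues}")
```

Before the pools are added, the LAN-to-LAN path passes every check while a client at 10.242.2.10 fails four of them (the source is missing from HQ's local selectors, from Remote's mirrored remote selectors, and from the automatic rules generated on each side). Adding the pools to HQ's local networks and to Remote's remote networks clears all four at once, which is the fix the thread arrives at.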

  • Corsairetc, the KnowledgeBase is your friend: How to allow remote access users to reach another site via a Site-to-Site Tunnel

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you, gentlemen,
    It works. And you, Balfson, are right, the knowledge base is really our friend :-)