Confusing ping from VPN SSL to lan

Hello,
We have two Astaro UTM 9 ASG 220 units. There is a site-to-site VPN between them via IPsec.
The VPN works correctly: our LAN (192.168.100.X) sees the distant LAN (172.20.100.X).
For users I use remote access via SSL and IPsec (10.242.2.0/24 and 10.242.4.0).
These VPN networks see my LAN on my side (192.168.100.X), but they are not able to ping the other side or use any program which connects to the other side (172.20.100.X).
I already tried disabling and re-enabling the automatic firewall rules, without effect.
I also tried adding "Any", our network and the destination network to the SSL Local networks, still without effect.

I tried to create the firewall rules shown in the attachment, but it does not work.
Thank you for your help.


This thread was automatically locked due to age.
  • Correct, except that your VPN pool has to be specified as a Remote network on the other side of the site-to-site connection, just as you put your Internal network as remote on the other side.
    If you tick "Any" you will basically send all traffic over the tunnel to the other side. You may not want this!
    If you use automatic firewall rules then indeed you don't have to specify them yourself. But remember that with automatic rules all specified networks in the tunnel will be allowed all traffic to all networks. If you need to specify, e.g., which remote network will be allowed to reach only your DMZ and which will be allowed to reach your LAN, then you can't use automatic firewall rules and have to set them up yourself.
    Also, using automatic fw rules, traffic is allowed in both directions. Usually this is fine, but if you don't want that you also have to specify the rules yourself.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
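The reply above makes two points that are easy to check mechanically: every network listed as a Local network on one side of the IPsec tunnel must appear as a Remote network on the other side (otherwise the traffic selectors never match the VPN pool's packets), and automatic firewall rules permit every local/remote pair in both directions, while manual rules permit only what you list. The script below is an added example written for this thread, not Sophos UTM code; it models the thread's addresses (the 10.242.4.0 pool is assumed to be a /24, and the site and object names are constructed) and reports selector mismatches before and after adding the SSL pool to the remote side.

```python
"""Selector and rule consistency check for a site-to-site IPsec tunnel.

Added example for the thread above; it is not Sophos UTM code. It models
what the reply describes: a network that is "Local" on one side must be
"Remote" on the other, and automatic firewall rules allow all tunnel
networks to reach each other in both directions.
"""
from ipaddress import ip_network
from itertools import product


class IpsecSide:
    """One end of the tunnel: its Local and Remote network lists."""

    def __init__(self, name, local, remote, automatic_rules=True):
        self.name = name
        self.local = [ip_network(n) for n in local]
        self.remote = [ip_network(n) for n in remote]
        self.automatic_rules = automatic_rules


def covered(net, pool):
    """True if net equals or lies inside some network in pool."""
    return any(net.subnet_of(p) for p in pool)


def selector_mismatches(a, b):
    """Local networks on either side that the other side does not list as Remote.

    Each entry is (declaring side, network, side where it is missing).
    """
    missing = []
    for side, other in ((a, b), (b, a)):
        for net in side.local:
            if not covered(net, other.remote):
                missing.append((side.name, str(net), other.name))
    return missing


def automatic_rule_pairs(side):
    """(source, destination) pairs the automatic rules would allow: every
    local<->remote combination, in both directions."""
    pairs = set()
    for local, remote in product(side.local, side.remote):
        pairs.add((str(local), str(remote)))
        pairs.add((str(remote), str(local)))
    return pairs


def _matches(src, dst, rules):
    return any(src.subnet_of(ip_network(s)) and dst.subnet_of(ip_network(d))
               for s, d in rules)


def reachable(side, src, dst, manual_rules=()):
    """Whether this side's firewall permits a flow src -> dst.

    src/dst may be hosts or networks. With automatic rules the tunnel
    networks decide; otherwise only the manual (source, destination)
    pairs do, so direction matters.
    """
    src, dst = ip_network(src), ip_network(dst)
    rules = automatic_rule_pairs(side) if side.automatic_rules else manual_rules
    return _matches(src, dst, rules)


# Constructed scenario using the thread's addresses. "site-a" is the poster's
# UTM; the SSL/IPsec user pools are part of its Local networks.
SITE_A = IpsecSide("site-a",
                   local=["192.168.100.0/24", "10.242.2.0/24", "10.242.4.0/24"],
                   remote=["172.20.100.0/24"])
# Remote side as originally configured: only the LAN is listed as Remote.
SITE_B_BEFORE = IpsecSide("site-b", local=["172.20.100.0/24"],
                          remote=["192.168.100.0/24"])
# Remote side after the fix suggested in the reply: pools added as Remote.
SITE_B_AFTER = IpsecSide("site-b", local=["172.20.100.0/24"],
                         remote=["192.168.100.0/24", "10.242.2.0/24",
                                 "10.242.4.0/24"])
# Same tunnel, but with automatic rules off and one manual one-way rule.
SITE_B_MANUAL = IpsecSide("site-b", local=["172.20.100.0/24"],
                          remote=["192.168.100.0/24", "10.242.2.0/24",
                                  "10.242.4.0/24"], automatic_rules=False)
MANUAL_RULES = [("10.242.2.0/24", "172.20.100.0/24")]


if __name__ == "__main__":
    print("before fix:", selector_mismatches(SITE_A, SITE_B_BEFORE))
    print("after fix: ", selector_mismatches(SITE_A, SITE_B_AFTER))
    print("pool -> remote LAN, automatic rules:",
          reachable(SITE_B_AFTER, "10.242.2.5", "172.20.100.10"))
    print("remote LAN -> pool, manual one-way rule:",
          reachable(SITE_B_MANUAL, "172.20.100.10", "10.242.2.5", MANUAL_RULES))
```

Running it prints the two missing pool networks for the "before" configuration and an empty list once they are added as Remote networks on the far side; the last two lines show that automatic rules permit the return direction while a single manual rule does not, which is the trade-off the reply describes.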
