Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 5222 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC Masquerade not working

Astaronator
Hey all,

I have IPSec configured and am testing the 30-day trial of Sophos IPSec Client. 

I have the IPSec rule set up as x509 and AES256. I can connect using the user profile and certificate no problem, but I can't get the masquerading to work.

I am able to browse local web servers fine, but my ipchicken is showing my air card IP, not the office network's IP.

User receives IP from VPN Pool (IPSec).

My Masq rule is:
Joe (UserNetwork)
Position 1
External (WAN)
>

UTM version: 9.107-33

Any help is appreciated [:$]


This thread was automatically locked due to age.
Parents
  • 0
    Yes, but if you want your vpn clients to have internet access through the VPN tunnel then you need to have that in your tunnel. Now your tunnel will only allow traffic to the Internal network and nothing else.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Reply
  • 0
    Yes, but if you want your vpn clients to have internet access through the VPN tunnel then you need to have that in your tunnel. Now your tunnel will only allow traffic to the Internal network and nothing else.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Children
  • 0 in reply to apijnappels
    Ah I understand now sorry.

    I don't have a definition for "Internet IPv4".

    I did try External (WAN) and that didn't work.

    I also tried "Any". When I use "Any" just to see if it works, however the VPN tunnel won't establish. I get the message "IKE(phase 2) - Waiting for Msg 2" on the client.
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML