Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 26 replies
  • Subscribers 1 subscriber
  • Views 16928 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN inbound thru UTM to 2012 R2 server

justinhow
I am interested in allowing Windows clients to directly VPN or Direct Access to my 2012 R2 server which is on the internal network. Can anyone help me on how I would allow/direct this traffic inbound, rather than the tunnel terminate at the UTM. 
I am familiar with DNAT, firewall rules etc but am not sure if letting VPN through is slightly different than the usual HTTP port 80 type stuff as it can also terminate at the firewall.
Also any big pros and cons as to which is best (tunnel into UTM or internal Server).
Thanks


This thread was automatically locked due to age.
Parents
  • 0
    DOH! - Ignore the following suggestion to use IPsec.  It doesn't work behind a NAT.  I must have been doing too many things at once.

    Justin,

    The fastest in the UTM would be IPsec, then L2TP/IPsec which would be about as fast as the SSL VPN using UDP Protocol.  I prefer the SSL VPN, and use the OpenVPN client on my iPhone.

    You also can use a NAT rule like 'DNAT : Any -> IPsec -> External (Address) : to {2012 R2 server}' to use the WinServer's IPsec VPN, but I prefer to use the UTM's Remote Access tools to keep all un-authenticated traffic outside the network.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    DOH! - Ignore the following suggestion to use IPsec.  It doesn't work behind a NAT.  I must have been doing too many things at once.

    Justin,

    The fastest in the UTM would be IPsec, then L2TP/IPsec which would be about as fast as the SSL VPN using UDP Protocol.  I prefer the SSL VPN, and use the OpenVPN client on my iPhone.

    You also can use a NAT rule like 'DNAT : Any -> IPsec -> External (Address) : to {2012 R2 server}' to use the WinServer's IPsec VPN, but I prefer to use the UTM's Remote Access tools to keep all un-authenticated traffic outside the network.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Unfiltered HTML