VPN inbound thru UTM to 2012 R2 server

I am interested in allowing Windows clients to directly VPN or Direct Access to my 2012 R2 server, which is on the internal network. Can anyone help me with how I would allow/direct this traffic inbound, rather than having the tunnel terminate at the UTM?
I am familiar with DNAT, firewall rules etc., but am not sure if letting VPN through is slightly different from the usual HTTP port 80 type stuff, as it can also terminate at the firewall.
Also, are there any big pros and cons as to which is best (tunnel into UTM or internal server)?
Thanks

  • That leaves us with #3 in Rulz.  Was that it?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, Bob.

    Rule #3 in Rulz is met. See attached picture below.
    I continue researching...

    Thanks
  • Does the VPN server have the UTM as its default gateway?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.
    Yes, it does. 

    I have PPTP VPN up and running.
    However, I am unable to setup L2TP/IPSec connections. 

    Regards
  • As soon as I saw that you were trying to use IPsec behind a NAT, I knew what the problem was - that can't work for L2TP/IPsec, and I don't know of an IPsec client that can deal with it either.  It's just the way IPsec works - your client drops the responses because they're not "signed" with the public IP but with the private IP of your server.

    That made me wonder if L2TP/IPsec had been mentioned earlier in the thread.  I found my first post in the thread actually recommended a DNAT.  What was I thinking!  I've now noted at the top of the post that my suggestion of the DNAT was thoughtless. [:O]

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
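    The address mismatch Bob describes is exactly what IKE's NAT-Discovery payloads (RFC 3947) are built to detect: each side hashes the address and port it believes it is using, and the peer recomputes the hash over the address it actually saw on the wire. The example below is added here and is not from the thread or from Sophos; the cookies and addresses are constructed sample values, and SHA-1 is assumed as the negotiated phase-1 hash.

```python
import hashlib
import ipaddress
import struct

# Constructed sample IKEv1 cookies (8 bytes each); not taken from the thread.
COOKIE_I = bytes.fromhex("0011223344556677")
COOKIE_R = bytes.fromhex("8899aabbccddeeff")


def nat_d_hash(cookie_i: bytes, cookie_r: bytes, ip: str, port: int) -> bytes:
    """RFC 3947 NAT-D payload: HASH(CKY-I | CKY-R | IP | Port).

    The hash algorithm is the one negotiated in phase 1; SHA-1 is assumed here.
    IP is the packed 4-byte (or 16-byte) address, Port is 2 bytes big-endian.
    """
    packed_ip = ipaddress.ip_address(ip).packed
    return hashlib.sha1(cookie_i + cookie_r + packed_ip + struct.pack("!H", port)).digest()


def responder_behind_nat(cookie_i: bytes, cookie_r: bytes, responder_sent_hash: bytes,
                         observed_ip: str, observed_port: int) -> bool:
    """Client-side check performed on the responder's NAT-D payload.

    The responder hashed the address on its own interface (the private address
    behind the UTM). The client hashes the source address the packet actually
    arrived from (the UTM's public address after DNAT). A mismatch means a NAT
    sits in the path, so plain ESP to that address will not match the IKE
    identity and NAT-T (UDP 4500 encapsulation) is required instead.
    """
    return nat_d_hash(cookie_i, cookie_r, observed_ip, observed_port) != responder_sent_hash


# The internal server builds its NAT-D payload from its private interface address.
SERVER_HASH = nat_d_hash(COOKIE_I, COOKIE_R, "192.168.1.10", 500)

if __name__ == "__main__":
    # The client received the reply from the UTM's public address after DNAT (constructed).
    print(responder_behind_nat(COOKIE_I, COOKIE_R, SERVER_HASH, "203.0.113.5", 500))
    # The same check with no address rewriting in the path.
    print(responder_behind_nat(COOKIE_I, COOKIE_R, SERVER_HASH, "192.168.1.10", 500))
```

    When the mismatch is detected, RFC 3947/3948 peers switch to UDP 4500 encapsulation, so a DNAT for this path has to forward UDP 500 and UDP 4500 as well as the ESP traffic, and both ends have to support NAT-T for the tunnel to come up.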
  • OK, understood.

    No problem, and thanks a lot, Bob.