Empty Subnet IPSEC

Hi everyone,

Set up an IPsec VPN for a single Mac client; IP, gateway, and DNS information are being passed along, but the subnet is empty. I can ping IPs across the VPN, but no DNS resolution or other services are possible, presumably without the gateway.

Settings:
Firewall Rule
VPN Pool (L2TP) -> Any -> Internal Network

Definitions:
VPN Pool (L2TP)
10.242.3.0/24

LAN:
192.168.1.0/24

Remote Access: 
L2TP over IPsec
Interface: Uplink Interfaces
Authen Mode: Preshared Key
Assign IP address by: IP address pool
Pool Network: VPN Pool (L2TP)

Advanced:
DNS settings filled out

I presume it's something to do with rules and the VPN pool.  Any help is appreciated...thanks!

  • If your DNS-server is a public one (on the internet), then you need to masquerade the VPN pool and also add the Internet IPv4 and or IPv6 network definitions in your VPN-subnets.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and happy to help others with their IT security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

    Private DNS, do I need any masquerading rules in that case?
  • Stupid question, but do you have access control for your DNS on the DNS server (which IPs can send queries to the DNS)?

    Also try to do the following from shell or command prompt:
    nslookup
    server IP
    set type=A
    Google

    Replace the IP with the IP address of your DNS server. Post the results.
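    The nslookup check above, as an added example that is not part of the thread: a small Python probe that sends one A query straight to the DNS server and tells apart a timeout (no route over the tunnel, the empty-subnet case, or a firewall drop) from a REFUSED answer (packets arrive, but the server's query ACL rejects the VPN pool address). The server IP is a placeholder argument; the REFUSED reply used for the offline demonstration is a constructed sample.

```python
"""Probe a DNS server over the VPN and classify the result (timeout vs. rcode).
Added example; 192.168.1.1 below is only a placeholder for the real DNS server."""
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234

# Constructed sample reply: id 0x1234, flags 0x8185 (QR=1, RD=1, RA=1, rcode=5 REFUSED),
# one question and no answers. Used only so the parser can be exercised offline.
SAMPLE_REFUSED_REPLY = b"\x12\x34\x81\x85\x00\x01\x00\x00\x00\x00\x00\x00"


def build_query(name: str, txid: int = TXID) -> bytes:
    """Build a minimal recursive A/IN query, the equivalent of 'set type=A' in nslookup."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data: bytes, txid: int = TXID) -> dict:
    """Return whether the id matches, the rcode name and the answer count of a reply."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return {"id_ok": rid == txid, "rcode": RCODES.get(rcode, str(rcode)), "answers": an}


def probe_dns(server_ip: str, name: str = "google.com", timeout: float = 3.0) -> dict:
    """Send one A query to server_ip:53 over UDP and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            # Nothing came back: no route to the server through the tunnel or UDP/53 dropped.
            return {"outcome": "timeout"}
    result = parse_response(data)
    # REFUSED with a matching id means the server was reached but its ACL rejects our source IP.
    result["outcome"] = result["rcode"]
    return result


if __name__ == "__main__":
    print("sample reply parses as:", parse_response(SAMPLE_REFUSED_REPLY))
    print(probe_dns(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"))
```

    Run it from the VPN client with the DNS server's address as the argument; a NOERROR result with answers means DNS itself works and the remaining problem is elsewhere.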