Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 7109 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN No Internet No Lan Split and Full Tunnell

xianx
Hi,

I completely reset my Sophos utm 9 version 9.2.09-8 so no misunderstanding.
I setup SSL VPN, i can connect and get a SSL VPN POOL IP assign but don't have no internet and can't ping/reach any remote local/lan resources.

SPLIT TUNNEL MODE:

profiles.JPG   settings.JPG
advanced.JPG   remote access advanced.JPG

FULL TUNNEL:

full tunnel profile.JPG

Need some help to access the remote local resources in split and full tunnel mode.
[:S]
Thanks


This thread was automatically locked due to age.
  • 0
    Update!

    Added SSL VPN POOL to DNS internet is working when connected.

    But still no local lan.
  • 0 in reply to xianx
    Hello,

    please show your paketfilter-rules list.
    Thx.
  • 0 in reply to ManuelKarl
    Hello,

    please show your paketfilter-rules list.
    Thx.


    Is above what you needed

    grz
  • 0 in reply to xianx
    Try changing access for user online to"internal" AND "Internet ipv4", so he can surf the web AND can access internal devices.

    For user secured try changing from "any" to "internal".

    And configure the vpn dns servers (maybe your internal ads/dc or a public dns like google 8.8.8.8) and give your internal ad-domain (***.local ?) in client options.

    Or am i misunderstanding the roles of users online and secured?
  • 0 in reply to ManuelKarl
    Try changing access for user online to"internal" AND "Internet ipv4", so he can surf the web AND can access internal devices.

    For user secured try changing from "any" to "internal".

    And configure the vpn dns servers (maybe your internal ads/dc or a public dns like google 8.8.8.8) and give your internal ad-domain (***.local ?) in client options.

    Or am i misunderstanding the roles of users online and secured?


    User "online" is split tunnel, but want to be able to ping local and remote local devices.

    User "secured" is full tunnel, want to ping reach everything on remote local site on dns name not only ip. also use the internet ip from the remote site.
  • 0
    Like Umpf said, use "internal" AND "Internet ipv4" instead of "Any" in "secured."  Also, complete the 'Advanced' section.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML