Hello,
I'm currently testing a Sophos UTM solution and I would like to know if it is possible to modify the routes given by the UTM to the client?
Let me explain this precisely:
We use VPN SSL Pool: 10.242.2.0/24.
Our Internal Network is 192.168.0.0/248 (very bad, I know, we have to change it but it has been done in the past and now there are lots of things which stop us to do it right now).
The most part of remote SSL VPN clients use their local network at home which are often on this ranges: 192.168.0.0/24 and 192.168.1.0/24.
When disabling split tunneling on VPN SSL (by adding "Any" on Allowed Networks and not only our Internal Network) the following routes are added by the UTM on VPN SSL clients:
0.0.0.0 128.0.0.0 10.242.2.5 10.242.2.6 2
128.0.0.0 128.0.0.0 10.242.2.5 10.242.2.6 2
This is very good on paper but the problem is that, if our VPN SSL client local IP address is on network 192.168.0.0/24 or 192.168.1.0/24 (so like our Internal Network) it won't go to the right gateway because our VPN SSL client has, by default, a route like this:
192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.10 20
or
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.10 20
So my question is: is there a way to modify the routes given by the UTM to allow our clients to avoid problems? Is there a file in the UTM system with the routes generated by the UTM according to the Allowed Networks specify in the SSL Remote Access profile?
Second question about the routes give above:
0.0.0.0 128.0.0.0 10.242.2.5 10.242.2.6 2
128.0.0.0 128.0.0.0 10.242.2.5 10.242.2.6 2
10.242.2.6 is the IP given on our remote computer. What is 10.242.2.5? I guess that this a the IP on a virtual gateway on the UTM? Am I right? When doing a tracert, I saw 10.242.2.1 but not 10.242.2.5 :/
Don't hesitate to ask for further explanation, I don't know if it is clear enough or not.
Kind regards,
DeltaSM
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
