I'm not sure what the right approach to this would be.
I have a Sophos 120, running 9.2x. I have configured a SSL VPN that allows the clients that log in to get to all of the resources in the same local network as the UTM itself. Let's call that 192.168.1.x
I have a second network, 192.168.2.x and there is a separate router (not the UTM) to allow traffic between the two networks.
The problem is how to allow the VPN clients access to the 192.168.2.x network.
I can think of a few ways this might work:
1. Manually run a script that is triggered when the connection is made to add a route to the client
2. Policy route that allows the firewall to route traffic from source --> VPN SSL Pool to destination --> 192.168.2.x
3. Eliminate the separate router and use an unused interface on the UTM to route the traffic so the network can be considered "local." eth3 is not currently in use. The problem there (I think) is that currently all the local clients on the 192.168.1.x are using a static route on the current router to get to the 192.168.2.x network. So what happens if I eliminate that device and let the UTM route the traffic - i.e. since the current default gateway for these devices is 192.168.1.1 which is on the UTM, if I configure an interface for 192.168.2.x on the UTM, do the local clients no longer need a static route?
I could be totally wrong on any or all three of these, so please offer any ideas you may have on the best method. Obviously this needs to be as "hands-off" for the users as possible
Thanks
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
