Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1076 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Established - Can't Connect

KeithMurrey
I have a VPN established but can't log into the website.

I suspect the reason is this.

We are a 192.168.1.x network.

They want traffic to appear to come from 10.x.x.x

So I think that  they 10.x and 192.x networks are not talking.  

We had this setup on an ASA Cisco unit - but I am moving everything over to Sophos.


This thread was automatically locked due to age.
  • 0
    Hi, kmurrey, and welcome to the User BB!

    Configure the IPsec Connection with 'Strict Routing' NOT selected and put ONLY a 10.x.x.x address in 'Local Networks'.  You should ask the other side what address you should use.  Now make a NAT rule:

    SNAT : Internal (Network) -> Any -> {network at the other side} : from 10.x.x.x


    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I am trying to make the change - but it will not take it.

    Keeps saying: Cannot create a NAT rule changing neither the traffic source address nor the service.

    I have: 

    Rule Type: Snat (Source)

    Matching Condition:

    For traffic from: (Internal) Network (which is my 192.168.1.x)

    Using Service: Any

    Going to: Provider (10.x.x.x) which is the local IP that want the traffic to appear to be coming from.

    when I try to save the Change the source to:  box blinks red - wanting something there.
  • 0
    Going to needs to be the 10.x.x.x network.  You need to Change the Source to the specific 10.x.x.x address that they want the traffic to appear to be coming from.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Unfiltered HTML