Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 3947 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN SSL client with same local subent

ouebman
Hi,

is there some specific thing to do when the client and the office are in the same subnet ?

i can not acces to the ressource with host name, only with IP.

Thank you

Mathieu


This thread was automatically locked due to age.
  • 0
    This is not because it is in the same subnet but because hostname resolution is netbios traffic which is broadcasted and normally not routed.
    Best solution is to use a DNS-server that can translate the hostnames (with a domain suffix), other solution may be to edit your HOSTS file on the client (This is okay for just a few static hosts, but when there are many and/or dynamically assigned IP-addresses than this is simply too much work to keep up-to-date).

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels

    Best solution is to use a DNS-server that can translate the hostnames (with a domain suffix)


    can you tell me more ? i have a AD infrastructure with DNS servers.

    Thank you
  • 0 in reply to ouebman
    can you tell me more ? i have a AD infrastructure with DNS servers.

    Thank you


    Look in Remote access -> advanced and enter the company's DNS-server IP-address (which should of course be reachable for your VPN client).
    You can also enter the domain name there (which will automatically appended to a single hostname if you don't use FQDN's).

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels
    i had allready done that

    the dns resolution work through nslookup but not directly with a ping on hostname
  • 0
    try fqdn names.. did it work then?
    the client did not always use the right dns-suffix.. so try use fqdn hostnames to test your name resolution

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • 0
    Salut, ouebman, and welcome to the User BB!

    is there some specific thing to do when the client and the office are in the same subnet ?

    If your home network were 192.168.1.0/24 and your office were also, then you wouldn't be able to reach anything in your office.  How do you know that the pings by IP weren't being answered by a device in your home network?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to zaphod
    try fqdn names.. did it work then?
    the client did not always use the right dns-suffix.. so try use fqdn hostnames to test your name resolution


    thanks but already tried...
  • 0 in reply to BAlfson
    Salut, ouebman, and welcome to the User BB!


    If your home network were 192.168.1.0/24 and your office were also, then you wouldn't be able to reach anything in your office.  How do you know that the pings by IP weren't being answered by a device in your home network?

    Cheers - Bob


    Merci Bob [:)]

    i understand that but before when used the Cisco ipsec client and it was possible to 'protect' some network, so all the trafics gone though the tunel even if it was the same subnet.
Unfiltered HTML