
How to connect to a subnet behind a Remote Access SSL VPN client

Hi!

I created a Remote Access SSL VPN Profile, with a masquerade rule (VPN Pool (SSL) --> Internal). I'm using an Asus router on the remote site.
The Asus router has a built-in VPN client and it was pretty easy to configure. The Asus router connects without any problems and, thanks to the masquerade rule, the clients on the remote subnet (behind the Asus router) can connect with the clients on the internal subnet (behind the Sophos UTM) without any problems.

I would like to connect from an internal client to a host on the remote subnet (behind the Asus router). Because I use the default VPN Pool (SSL), the Asus router SSL VPN client is on IP address 10.242.2.2. I can connect to the Asus web interface (on 10.242.2.2) from a client on the internal subnet. I can't connect to a host on the 192.168.0.0/24 subnet.

Obviously the internal client is sending traffic for 192.168.0.0/24 to its gateway, the Sophos UTM. But when I use the support tools on the UTM and trace traffic from the UTM to 192.168.0.0/24, it sends that traffic to its gateway (the ISP router) :-(
How can I tell the UTM to send traffic for 192.168.0.0/24 to gateway 10.242.2.2 (the Asus router)?
To be clear:

Internal subnet - SOPHOS UTM <------------------ ASUS Router builtin (OpenVPN client) - Subnet on remote site (192.168.0.0/24)

Regards!

Jeroen



This thread was automatically locked due to age.
  • Are you using site-2-site SSL connection between Asus and Sophos?

    Did you correctly configure Local and Remote Network(s)?

    And as of what Balfson said above, if both sites use the same internal IP-network (192.168.0.0/24) then you will need to either change the subnet on one of the sites or you will need to NAT between the subnets.

    See my attached picture for an example of the Local and Remote subnets (as viewed from the server which in my case is the Sophos UTM)


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hi apijnappels,

    Thank you for your reply! I don't use a site-2-site SSL connection. I use a Remote Access SSL VPN client. The Asus router is acting as an SSL VPN client, using its built-in SSL VPN client.
    The IP subnet on the internal site is 10.0.0.0/24 and the IP subnet on the remote (client) site is 192.168.0.0/24.

    Regards,

    Jeroen

  • Hi Jeroen, I'm not sure if what you want is possible using just remote access VPN, since all the UTM knows about is the remote access IP address it assigns when connecting.

    You should try whenever possible to use a site-to-site solution when connecting routers to each other. Perhaps your ASUS can also support IPsec site-2-site?


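The routing question in the original post (why the UTM hands 192.168.0.0/24 to the ISP router, and what a static route via 10.242.2.2 would change) and the answer above (the UTM only knows the address it assigned to the client) can be modelled together. The block below is an added example, not code from this thread or from Sophos: it implements a longest-prefix-match lookup over a constructed copy of the UTM's routing table, and a constructed view of the OpenVPN server's per-client routing table, which on a plain OpenVPN server is what `iroute` lines in a client-config-dir file populate. The ISP router address 203.0.113.1, the interface names and the assumption that the remote access profile generates no `iroute` for the client are illustrative, not taken from the page.

```python
"""Model of the UTM forwarding decision for traffic to the subnet behind
an SSL VPN remote access client. Added example, not from the thread or
from Sophos. Addresses 10.0.0.0/24, 10.242.2.0/24, 10.242.2.2 and
192.168.0.0/24 are from the thread; everything else is constructed."""
import ipaddress

# Constructed kernel routing table of the UTM: internal LAN on eth0,
# VPN Pool (SSL) on tun0, default route to the ISP router (address assumed).
UTM_ROUTES = [
    ("0.0.0.0/0",     "203.0.113.1", "eth1"),   # ISP router, assumed address
    ("10.0.0.0/24",   None,          "eth0"),   # internal subnet
    ("10.242.2.0/24", None,          "tun0"),   # VPN Pool (SSL)
]

# Constructed OpenVPN server view: tunnel address -> subnets it may route
# to that client (what 'iroute' would provide). A remote access profile only
# knows the assigned tunnel address, hence an empty set (assumption).
OPENVPN_CLIENTS = {"10.242.2.2": set()}


def lookup(routes, dst):
    """Return (network, gateway, iface) of the longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    return best


def next_hop(routes, dst):
    """('via', gateway, iface) for a gateway route, ('direct', None, iface) for a connected one."""
    match = lookup(routes, dst)
    if match is None:
        return None
    _, gw, iface = match
    return ("via", gw, iface) if gw else ("direct", None, iface)


def add_static_route(routes, net, gw):
    """Gateway route as the poster asks for; the gateway itself must already be reachable."""
    hop = next_hop(routes, gw)
    if hop is None:
        raise ValueError(f"gateway {gw} is not reachable")
    return routes + [(net, gw, hop[2])]


def openvpn_client_for(clients, dst):
    """Tunnel client the OpenVPN server would hand a packet for dst to, or None."""
    addr = ipaddress.ip_address(dst)
    for client_ip, subnets in clients.items():
        if addr == ipaddress.ip_address(client_ip):
            return client_ip
        if any(addr in ipaddress.ip_network(s) for s in subnets):
            return client_ip
    return None


def trace(routes, clients, dst):
    """Kernel next hop first; if it is tun0, the OpenVPN process must still know a client."""
    hop = next_hop(routes, dst)
    if hop is None:
        return "no route"
    kind, gw, iface = hop
    if iface != "tun0":
        return " ".join(p for p in (kind, gw, iface) if p)
    client = openvpn_client_for(clients, dst)
    return f"tun0 -> client {client}" if client else "tun0 -> dropped (no iroute)"


if __name__ == "__main__":
    host = "192.168.0.10"
    print(trace(UTM_ROUTES, OPENVPN_CLIENTS, host))          # via 203.0.113.1 eth1
    routed = add_static_route(UTM_ROUTES, "192.168.0.0/24", "10.242.2.2")
    print(trace(routed, OPENVPN_CLIENTS, host))              # tun0 -> dropped (no iroute)
    with_iroute = {"10.242.2.2": {"192.168.0.0/24"}}
    print(trace(routed, with_iroute, host))                  # tun0 -> client 10.242.2.2
```

The three traces show the progression: with no matching route the packet leaves through the default gateway, which is exactly what the poster saw in the support tools; with only a kernel static route it reaches tun0, but the OpenVPN process has no client associated with 192.168.0.0/24 and drops it; only when the server also maps that subnet to the client 10.242.2.2 is it delivered. In plain OpenVPN terms that mapping is a `route` plus a per-client `iroute`, which is what a site-to-site profile's Local and Remote Networks are there to generate (an assumption about the UTM's generated configuration), and why the answer above points to site-to-site. The reverse direction has the same constraint: replies sourced from 192.168.0.x would be rejected by the server unless it knows that subnet belongs to the client or the Asus NATs them to 10.242.2.2.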
