SSL VPN Client - No connection to branch office network

Hi there,

I have got a small issue here.

We have got 2 UTM 9. One at our Head office and one at our Branch Office.

The Branch Office is connected to the Head with an IPsec Site to Site Connection.

So far so good. We have got several users that work from home and use the SSL Client provided with the UTM.

The Problem is they can't connect to the UTM at the Head Office but are unable to access the Branch Network.

Some of them need to access printers and so on directly in the branch office but that's not working.

I have created a firewall rule that says that the VPN Pool can access the branch office network but it's not working.

Any ideas what's going wrong? The Head office itself is able to access the branch network.

Regards



  • Hi Sascha,

    In your question, "The Problem is they can't connect to the UTM at the Head Office but are unable to access the Branch Network", I think you mistyped it somewhere; can you re-explain?

    Did you add the SSL VPN pool network on local and remote network in the IPSec policy which should be reachable through the VPN tunnel?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi there,

    Yes, the auto correction mistyped it.

    The home users can connect to the UTM of the head office but are unable to access the branch office.

    VPN Pool SSL and IPsec is added as accepted in both firewalls.

    If I add VPN POOL as a local network in the IPsec policy it shows one new connection in the overview:

    GBR-Engel Verbindung [1 of 2 IPsec SAs established]
    SA: 10.242.2.0/24=xxx.xxx.xxx.xxx  %any=172.16.0.0/16
    VPN ID: xxx.xxx.xxx.xxx
    Error: No connection
    SA: 10.10.10.0/24=xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx=172.16.0.0/16
    VPN ID: xxx.xxx.xxx.xxx
    IKE: Auth PSK / Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 7800s / NAT-T / DPD
    ESP: Enc AES_CBC_128 / Hash HMAC_MD5 / Lifetime 3600s

  • Verify this, I tried to be simple.

    On Site1-

    SSL VPN Remote Access:

    Check 'Automatic packet filter rules'

    Local networks = "Internal (Network)" and "LAN at Site2" and "Internet"

    Site-to-site configuration:

    'Remote Gateway' 'Remote Networks' = "LAN at Site2"

    'IPsec Connection' 'Local Networks' = "Internal (Network)" and "VPN Pool (SSL)"

    On Site2 - 

    SSL VPN Remote Access:

    Not activated with the same IP pool as "VPN Pool (SSL) at Site1"

    Site-to-site configuration:

    'Remote Gateway' 'Remote Networks' = "LAN at Site1" and "VPN Pool (SSL) at Site1"

    'IPsec Connection' 'Local Networks' = "Internal (Network)"

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
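
The selector matching behind the checklist above, as an added example that is not part of the original thread and is not Sophos code: it checks whether a remote-access client in the SSL VPN pool can reach a branch host, given each gateway's IPsec local and remote networks. The subnets are the ones in the status output above; the dict layout, function names, sample host addresses and the simplified routing model are assumptions.

```python
import ipaddress as ip

# Subnets from the status output in the thread; everything else here
# (dict keys, function names, host addresses) is constructed for the example.
POOL, HEAD_LAN, BRANCH_LAN = "10.242.2.0/24", "10.10.10.0/24", "172.16.0.0/16"

def selectors(site):
    """Every (local, remote) subnet pair this gateway will negotiate an SA for."""
    return {(ip.ip_network(l), ip.ip_network(r))
            for l in site["ipsec_local"] for r in site["ipsec_remote"]}

def covers(pairs, src, dst):
    """True if some selector pair contains both the source and the destination."""
    return any(src in l and dst in r for l, r in pairs)

def check_path(src, dst, site1, site2):
    """List the reasons an SSL VPN client at src cannot reach dst behind site2."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    problems = []
    # 1. Assumed model: only the profile's local networks are routed into the tunnel.
    if not any(dst in ip.ip_network(n) for n in site1["ssl_local"]):
        problems.append("destination not in Site1 SSL VPN local networks")
    # 2. Site1 must offer a selector pair pool -> branch LAN.
    if not covers(selectors(site1), src, dst):
        problems.append("Site1 IPsec selectors do not cover pool -> branch")
    # 3. Site2 needs the mirrored pair, otherwise that SA cannot be established.
    if not covers(selectors(site2), dst, src):
        problems.append("Site2 IPsec selectors do not cover branch -> pool")
    return problems

def unmatched(site1, site2):
    """Selector pairs Site1 proposes that Site2 has no mirrored entry for."""
    mirrored = {(r, l) for l, r in selectors(site2)}
    return selectors(site1) - mirrored

# Constructed configs: Site1 as in the checklist, Site2 without and with the pool.
site1 = {"ssl_local": [HEAD_LAN, BRANCH_LAN],
         "ipsec_local": [HEAD_LAN, POOL], "ipsec_remote": [BRANCH_LAN]}
site2_before = {"ipsec_local": [BRANCH_LAN], "ipsec_remote": [HEAD_LAN]}
site2_after = {"ipsec_local": [BRANCH_LAN], "ipsec_remote": [HEAD_LAN, POOL]}

if __name__ == "__main__":
    for name, s2 in (("before", site2_before), ("after", site2_after)):
        print(name, check_path("10.242.2.6", "172.16.4.20", site1, s2),
              [f"{l} -> {r}" for l, r in unmatched(site1, s2)])
```

With the pool listed on Site1 only, the pool-to-branch pair has no mirrored entry on Site2, which is the one selector pair reported as unmatched.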
