
SSL-Remote access over IP-SEC Site to site tunnel

Hi Community,

Maybe you are wondering what I plan to do, just because of the title, but nevertheless you opened this thread. :-)

So, I've got a small remote office with some users; they have a small UTM, DSL line, no static IP, typical small environment. But they have their own user directory and their own file server, which they want to have access to. It would be easy to give them SSL-VPN Remote Access, but they don't have a static IP. I don't want to mess around with DynDNS.

And I have my main office, where I have a public IP-Network and a big UTM and so on.

So in order to give them the chance to do Remote Access I thought it could work out to establish an IP-SEC tunnel from the small office to the main office and to give them a small public IP network over the IP-SEC connection. So far, so good, but how to bind the SSL-VPN to the tunnel? Since you can only select "real network interfaces" on the SSL settings tab, I don't see any chance to bind the SSL-VPN to the "tunneled" public IP address.

Got my problem? Anyone been so crazy as to try something like this before?

Regards, Rolf



  • Hi Hern,

    Establishing an IPSec tunnel between the two ends is enough to provide the remote users access to the Head Office Network. I hope that was the actual requirement.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi Sachingurung,

    No, the question is not accessing the main office from the small site, that's clear.

    The question is how to give the users of the small office access to their systems at the small site.

     

    I know that there are several other options. You could run the remote access on the main office and route them over the tunnel to the small office. Downside: you must administer the users at the main site, don't like that.

    As mentioned before, you could use DynDNS as well, to access the dynamic public IP of the small office, but that is not nice.

    I think, there are even more options, but the one I'd like best, is the one I've outlined.

    Any suggestion?

    Regards, Rolf

  • Hi Rolf,

    If I followed your description of what you want to accomplish, I think you want to base your solution on How to allow remote access users to reach another site via a Site-to-Site Tunnel.  Instead of the "Internet" object, just add the desired targets to the IPsec tunnel.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Basically it's the same idea. But I don't want to have the remote users log in to the main UTM. I want to have them administered in the remote site. Maybe this cannot be realized and would need UTM to be changed, but I thought there could be someone having done this before.

    Regards, Rolf

  • I didn't read closely enough the first time, Rolf.  I think your only solution is DynDNS or one of the other free services.  I would set that up in the remote site and then create a CNAME FQDN in your authoritative name server so that your users can access at wolfach.yourdomain.de.

    Cheers - Bob

     