SSL-Remote access over IP-SEC Site to site tunnel

Hi Community,

Maybe you are wondering what I plan to do, just because of the title, but nevertheless you opened this thread. :-)

So, I've got a small remote office with some users; they have a small UTM, DSL line, no static IP, a typical small environment. But they have their own user directory and their own file server, which they want to have access to. It would be easy to give them SSL-VPN Remote Access, but they don't have a static IP. I don't want to mess around with DynDNS.

And I have my main office, where I have a public IP-Network and a big UTM and so on.

So in order to give them the chance to do Remote Access, I thought it could work out to establish an IP-SEC tunnel from the small office to the main office and to give them a small public IP network over the IP-SEC connection. So far, so good, but how to bind the SSL-VPN to the tunnel? Since you can only select "real network interfaces" on the SSL settings tab, I don't see any chance to bind the SSL-VPN to the "tunneled" public IP address.

Got my problem? Anyone been so crazy as to try something like this before?

Regards, Rolf



This thread was automatically locked due to age.
  • Hi Rolf,

    If I followed your description of what you want to accomplish, I think you want to base your solution on How to allow remote access users to reach another site via a Site-to-Site Tunnel.  Instead of the "Internet" object, just add the desired targets to the IPsec tunnel.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, basically it's the same idea. But I don't want to have the remote users log in to the main UTM. I want to have them administered in the remote site. Maybe this cannot be realized and would need UTM to be changed, but I thought there could be someone having done this before. Regards, Rolf
  • I didn't read closely enough the first time, Rolf.  I think your only solution is DynDNS or one of the other free services.  I would set that up in the remote site and then create a CNAME FQDN in your authoritative name server so that your users can access at wolfach.yourdomain.de.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA