Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 13039 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN SSL Only access Internet at 10.242.2.0

ManuelGutierrez

Hi,

 

    I was running my SSL VPN on the default network 10.240.242.0/24 with no problem. Due to a restructuring of networks, I had to move it to 10.240.218.0/24 and users can not surf the Internet. The only change I have made has been to modify VPN Pool (SSL). If I put it back in 10.240.242.0 it works again without problem. I do not understand anything .......



This thread was automatically locked due to age.

  • Is there definetely no traffic to the internet possible or is DNS the problem?

    Are we talking about a S2S SSL-VPN or a Remote Access SSL-VPN?

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • please check the following:

    - firewall rules - possible the use a hard coded network instead of "interface network"

    - DNS - see above

    - masquerading - see above

    - proxy - see above

     

    compare network definitions ... possible the is a network pointing to 10.240.242.0/24


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • in reply to kerobra_retired

    Hi,

     

        A Remote Access SSL VPN.

     

        Ping to 8.8.8.8  not run.

     

         I find a hard network 10.240.242 but I not search.

     

         First firewall rule    VPN Pool (SSL) --> Any --> Any

        

         The UTM don't masquerading, we have balancers how gateway of the UTM

     

          Not proxy active

     

          With 10.242.2   I do ping to 10.242.2.1 (who is 10.242.2.1 ???)  whit 10.240.218  I don¡t ping to 10.240.218.1 

         

          Regards

  • in reply to ManuelGutierrez

    Check the Firewall log, Manuel.  If you don't see any relevant drops in there, you have a routing problem.  See #1 in Rulz and the items in #3.1.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML