This article describes how to configure SSL VPN remote users to have access over a site-to-site IPsec VPN.
Applies to the following Sophos products and versions: Sophos Firewall
Allow SSL VPN remote users to access a remote site via a site-to-site IPsec VPN tunnel.
This article requires that SSL VPN remote access and an IPsec VPN tunnel between the two sites are already configured and established. Please see the following articles to configure these requirements.
In order to provide access for SSL VPN remote users to a remote site via a site-to-site IPsec VPN tunnel, it is necessary to configure the networks that will be accessed in both the SSL VPN Remote Access and the site-to-site IPsec VPN tunnel connections. In the example scenario, the following networks should be included in the configuration.
Permitted Network Resources
For ease of configuration, a LAN-VPN and VPN-LAN rule combined into one firewall rule can be configured in both Site 1 and Site 2.
Note: The firewall configuration above allows traffic to flow from LAN to VPN, from VPN to LAN, and from VPN to VPN. However, these can also be configured as separate rules.
Once the required networks and firewall rules are configured, SSL VPN Remote Access users should be able to access Site 2's network.
A trace route from the SSL VPN Remote Access user to a host on Site 2.
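A pre-flight check for the network lists described above, as an added example that is not part of the original article or Sophos code. The dictionary keys, the sample addressing and the rule that each site's local subnets mirror the other site's remote subnets (a policy-based tunnel) are assumptions.

```python
import ipaddress

def covered(net, selectors):
    """True if `net` lies inside at least one network in `selectors`."""
    n = ipaddress.ip_network(net)
    nets = (ipaddress.ip_network(s) for s in selectors)
    return any(n.version == s.version and n.subnet_of(s) for s in nets)

def same_set(a, b):
    """Compare two subnet lists as sets of normalised networks."""
    return {ipaddress.ip_network(x) for x in a} == {ipaddress.ip_network(x) for x in b}

def check_ssl_over_ipsec(cfg):
    """Return the reasons SSL VPN users could not reach Site 2 (empty = OK)."""
    pool, s2_lan = cfg["ssl_vpn_pool"], cfg["site2_lan"]
    problems = []
    if not covered(s2_lan, cfg["ssl_vpn_permitted"]):
        problems.append("ssl_vpn_permitted: Site 2 LAN missing")
    if not covered(pool, cfg["site1_ipsec_local"]):
        problems.append("site1_ipsec_local: SSL VPN pool missing")
    if not covered(pool, cfg["site2_ipsec_remote"]):
        problems.append("site2_ipsec_remote: SSL VPN pool missing")
    if not same_set(cfg["site1_ipsec_local"], cfg["site2_ipsec_remote"]):
        problems.append("Site 1 local and Site 2 remote subnets differ")
    if not same_set(cfg["site1_ipsec_remote"], cfg["site2_ipsec_local"]):
        problems.append("Site 1 remote and Site 2 local subnets differ")
    return problems

# Constructed sample addressing (not taken from the article).
GOOD = {
    "ssl_vpn_pool": "10.81.0.0/24",
    "site2_lan": "192.168.2.0/24",
    "ssl_vpn_permitted": ["192.168.1.0/24", "192.168.2.0/24"],
    "site1_ipsec_local": ["192.168.1.0/24", "10.81.0.0/24"],
    "site1_ipsec_remote": ["192.168.2.0/24"],
    "site2_ipsec_local": ["192.168.2.0/24"],
    "site2_ipsec_remote": ["192.168.1.0/24", "10.81.0.0/24"],
}
# Common mistake: pool added on Site 1 only, so Site 2 has no matching remote subnet.
BAD = dict(GOOD, site2_ipsec_remote=["192.168.1.0/24"])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ssl_over_ipsec(cfg) or "OK")
```

An empty result only shows that the network definitions are consistent; the firewall rules for the LAN and VPN zones still have to permit the traffic.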