SSL Site-to-Site SNAT not working

Hello,

I have two Sophos UTMs, an SG125 and a home-built one, one at home and one at work.

I either connect with RemoteSSL from my client to work, or I establish a Site-to-Site between home and work. The SG125 at work is the "server", the home Sophos is the "client".

I am using SNAT to translate SSL-Pool to an Internal Network at work, because otherwise I can't access one further router.

It seems that the SNAT rule works with RemoteSSL (I check that by simply turning the rule on/off), but doesn't work with SSL Site-to-Site. Can it be? Or is there some other setting that might cause the problem?

Btw, I tried with IPsec S2S, same outcome.

Any ideas please?

Thank you.

  • Yeah, sorry, I'd forgotten that and I was also thinking about a RED tunnel solution I did recently.  In fact, assuming that the further router at work has the SG 125 as its default gateway and that the UTM already has a route to the subnet behind the further router, no additional routes or NATs should be required...

    When working with two UTMs connected with a site-to-site, I change the "VPN Pool (????)" objects in one to avoid possible conflicts.  For example "VPN Pool (SSL)" = 10.242.2.0/24 in the office and 10.242.12.0/24 in your home.

    If the office UTM is the server side of the SSL VPN site-to-site, add the network on the other side of the further router to 'Local Networks' and {10.242.12.0/24} to 'Remote Networks'.  Load the new client into the home UTM and you should be good to go.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
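The pool conflict Bob describes is easy to check before loading the new client, so here is an added example (not code from the thread or from Sophos UTM) that takes each UTM's network objects as a small dictionary, reports prefixes that overlap across the two sites, builds the server-side 'Local Networks' / 'Remote Networks' definition the way Bob lays it out, and flags any Remote Network that collides with a prefix the server UTM already routes. Only the two "VPN Pool (SSL)" values (10.242.2.0/24 at the office, 10.242.12.0/24 at home) come from Bob's reply; the LAN prefixes, the object names and the inclusion of the home LAN in Remote Networks are assumptions constructed for illustration.

```python
"""Address-plan check for two UTMs joined by an SSL site-to-site VPN.

Added example for this thread, not code from the thread or from
Sophos UTM.  Only the two "VPN Pool (SSL)" values come from Bob's
reply; every other network, and the site/object names, are assumptions
constructed for illustration.
"""
import ipaddress
from itertools import product

# Constructed address plans.  Every UTM ships with the same default
# "VPN Pool (SSL)", so two UTMs left at defaults collide.  The office
# pool and the renumbered home pool are the values Bob quotes.
OFFICE = {
    "Internal (Network)": "192.168.1.0/24",       # assumed
    "Behind further router": "192.168.2.0/24",    # assumed
    "VPN Pool (SSL)": "10.242.2.0/24",            # per Bob
}
HOME_DEFAULT = {
    "Internal (Network)": "192.168.10.0/24",      # assumed
    "VPN Pool (SSL)": "10.242.2.0/24",            # unchanged default
}
HOME_RENUMBERED = {
    "Internal (Network)": "192.168.10.0/24",      # assumed
    "VPN Pool (SSL)": "10.242.12.0/24",           # per Bob
}


def net(cidr):
    """Parse a CIDR string; strict=True rejects host bits set in the prefix."""
    return ipaddress.ip_network(cidr, strict=True)


def cross_site_overlaps(site_a, site_b):
    """(object_a, object_b) pairs whose prefixes overlap across two UTMs."""
    return [
        (name_a, name_b)
        for (name_a, a), (name_b, b) in product(site_a.items(), site_b.items())
        if net(a).overlaps(net(b))
    ]


def s2s_server_definition(server, client):
    """Local/Remote Networks for the SSL site-to-site on the server UTM.

    Bob: put the network behind the further router in Local Networks and
    the client UTM's VPN pool in Remote Networks.  Including the client
    LAN in Remote Networks is an assumption.
    """
    return {
        "Local Networks": [
            server["Internal (Network)"],
            server["Behind further router"],
        ],
        "Remote Networks": [
            client["Internal (Network)"],
            client["VPN Pool (SSL)"],
        ],
    }


def remote_route_conflicts(server, definition):
    """Remote Networks that overlap a prefix the server UTM already routes.

    Each Remote Network becomes a route into the tunnel; if it overlaps a
    network the server already owns (its LANs or its own VPN pool), the
    two routes compete and traffic for that prefix is misdirected.
    """
    return [
        (local_name, remote)
        for (local_name, local), remote in product(
            server.items(), definition["Remote Networks"]
        )
        if net(local).overlaps(net(remote))
    ]


if __name__ == "__main__":
    for label, home in (("defaults", HOME_DEFAULT), ("renumbered", HOME_RENUMBERED)):
        print(f"--- home UTM at {label} ---")
        print("cross-site overlaps:", cross_site_overlaps(OFFICE, home))
        definition = s2s_server_definition(OFFICE, home)
        print("server S2S definition:", definition)
        print("route conflicts:", remote_route_conflicts(OFFICE, definition))
```

With both UTMs at defaults the script reports the two VPN pools overlapping and a route conflict on 10.242.2.0/24; with the home pool renumbered to 10.242.12.0/24, as Bob suggests, both lists come back empty.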