Cannot access a remote site over VPN (L2TP over IPSEC) through the Sophos UTM from the local network.

Hi Everyone,

Been reading a lot of posts on here recently to assist me with setting up my Sophos UTM. All seems OK so far except one thing that I just can't work out. At present, I have my Sophos UTM filtering web traffic in transparent mode for both HTTP and HTTPS traffic. I also have the firewall enabled along with the IPS and TCP and UDP flood etc. I have web protection set up and all working as expected.

I also have remote access for L2TP users set up which allows me to connect to my Sophos UTM remotely, which also works and I can access any machine on the internal network. 

Now, I need to access remote networks that aren't my own from my local network through the Sophos UTM, but for the life of me, I cannot get the connection to establish to the remote server. It just times out. I have set my machine's IP address to be whitelisted through the web filtering. I have also set up a rule that allows all traffic from the destination IP address and my local machine's IP address to be allowed and for both L2TP and IPSEC traffic but it still doesn't connect. But here's the strange thing. Before I added the rule in the firewall, traffic was getting blocked. Now, there are no logs entered in the firewall, web filter or the Intrusion Prevention logs either. I cannot seem to find any logs that are blocking the traffic.

I am also not sure where else the traffic could be being blocked. I have temporarily disabled all UDP/TCP flooding and even switched off the IP and any other advanced options but still, the VPN doesn't connect.

What am I missing? Hope that you can help.

Thanks,
Mark.

  • Hi Mark and welcome to the UTM Community!

    "Now, I need to access remote networks that aren't my own from my local network through the Sophos UTM" - I don't think anyone is "seeing" what you're asking. Perhaps a stick figure diagram with IPs and an explanation of what's where.

    Cheers - Bob

  • In reply to BAlfson:

    Hi Bob,
    Thanks for the reply. I have knocked up a quick example of the network to see if it clarifies things a little more.
    So, PC with IP 192.168.53.100 is trying to establish an L2TP over IPSEC VPN connection to the remote router 82.37.28.190 through the Sophos UTM.

    At present, no matter what I do, I cannot get the connection to establish. I know that the settings being used are correct since when off the local network the VPN works fine.

    As mentioned in my original post, I have tried to allow all traffic from the LAN on any service to anywhere as a temporary rule to see if the connection works but it still doesn't establish a connection.

    I hope that you can help as I am really scratching my head over this one.

    Thanks,

    Mark.

  • In reply to Mark Nicholls:

    I bet if you do #1 in Rulz (last updated 2019-04-17), you will find that you need an Intrusion Prevention Exception for Anti-UDP-flooding.

    Cheers - Bob
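A simplified model of the two stages Bob's reply distinguishes, added here as an illustration and not code from this thread or from Sophos: a packet-filter allow rule (which logs its drops) and UDP flood protection, a separate engine with its own exception list (whose drops leave the firewall log empty). The flood threshold, the stage order and the packet burst are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Channels an L2TP-over-IPsec client needs through the gateway: IKE (UDP 500),
# NAT-T (UDP 4500, carrying ESP and L2TP), plain L2TP (UDP 1701) and raw ESP.
VPN_PROTOCOLS = {("udp", 500), ("udp", 4500), ("udp", 1701), ("esp", 0)}

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "udp", "tcp" or "esp"
    dport: int = 0      # 0 for protocols without ports

@dataclass
class Gateway:
    allow_rules: list = field(default_factory=list)     # (src_net, dst_net, services)
    ips_exceptions: list = field(default_factory=list)  # (src_net, dst_net, {checks})
    udp_flood_limit: int = 5                            # assumed packets per source
    firewall_log: list = field(default_factory=list)
    _udp_seen: Counter = field(default_factory=Counter)

    def _match(self, src_net, dst_net, pkt):
        return (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net))

    def forward(self, pkt: Packet) -> str:
        """Return 'pass' or the stage that dropped the packet."""
        # Stage 1: packet filter. A drop here shows up in the firewall log.
        if not any(self._match(s, d, pkt) and (pkt.proto, pkt.dport) in svcs
                   for s, d, svcs in self.allow_rules):
            self.firewall_log.append(f"DROP {pkt.src} -> {pkt.dst}:{pkt.dport}/{pkt.proto}")
            return "dropped:firewall"
        # Stage 2: UDP flood protection is checked independently of the allow rule
        # and only its own exception list skips it; a drop here is not logged above.
        if pkt.proto == "udp" and not any(self._match(s, d, pkt) and "udp_flood" in c
                                          for s, d, c in self.ips_exceptions):
            self._udp_seen[pkt.src] += 1
            if self._udp_seen[pkt.src] > self.udp_flood_limit:
                return "dropped:udp_flood_protection"
        return "pass"

def l2tp_setup_burst(client="192.168.53.100", server="82.37.28.190"):
    """Constructed approximation of the UDP packets a client sends to bring up a tunnel."""
    ports = [500, 500, 4500, 4500, 4500, 1701, 1701, 1701]
    return [Packet(client, server, "udp", p) for p in ports]

def outcome(gateway: Gateway) -> Counter:
    """Tally how the gateway handles the whole setup burst."""
    return Counter(gateway.forward(p) for p in l2tp_setup_burst())
```

With only the allow rule, part of the burst is silently dropped by stage 2 and the firewall log stays empty; adding an exception for the same source and destination that skips the UDP flood check lets the whole burst through.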

  • In reply to BAlfson:

    Hi Bob,

    Thanks for coming back to me with a potential solution.
    I have added an exception that contains the internal network range (192.168.53.x) and the remote server address in the source and the destination locations (to avoid the traffic being checked for both directions for both locations - just in case) and then used the VPN protocols group for the services.

    I have also disabled the UDP flooding temporarily while testing but the connection is still not able to be established.

    I checked the rulz post first before coming here but always worth re-reading and checking again. Is there anything else that I might be missing? I believe that I did disable all of the anti-port and IPS services before when I was trying to get it to work but to no avail.

    Thanks for your support in trying to get this resolved!

    Thanks,
    Mark.

  • In reply to Mark Nicholls:

    If you're not seeing anything in the Intrusion Prevention or Firewall logs, Mark, and your users are able to work normally with other external resources, then I'd suspect the settings in the router.

    Cheers - Bob