
SSLVPN and PPTP not working correctly

Hi All,

 

I have set up SSLVPN and PPTP on my SG330 UTM. I managed to get connected to it from outside and am able to ping the internal IP of the firewall. However, I'm not able to access any of the internal servers or the internet once connected.

 

A brief explanation of my network: all the machines point to the core switch as their default gateway, and the core switch has the firewall as its default gateway. I have 3 VLANs on my network. Please assist guys! TIA



  • Depends a bit on your network design.
    As far as I understand you have 3 VLANs, let's say VLAN1 10.1.0.0/24, VLAN2 10.1.1.0/24 and VLAN3 10.1.2.0/24. Your core switch is the gateway for two VLANs (let's say the last two), the UTM is in the 10.1.0.0 network and defined as the default gateway of the switch. To reach devices in VLAN2+3 the UTM needs to know how (static routing for 10.1.1.0/24 and 10.1.2.0/24 -> core switch).

    Then you would have to add 10.1.0.0 (network) and the 2 additional network definitions for VLAN2 and VLAN3 to "Local networks" in the SSL VPN config.

    For more precise help please give more precise details of your network structure.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • Yes. What you explain about my network design is correct. For example VLAN 1: 192.168.0.0/24, VLAN 2: 192.168.122.0/24, VLAN 3: 10.101.111.0/24. My firewall has an IP address of 192.168.0.53.

     

    So for both PPTP and SSLVPN I have the same issue. I use the default IP pool from Sophos to provide the IP address for my machine when I get connected. So when I get connected I can ping my firewall, which is 192.168.0.53, but not the other machines in any of the VLANs. Easier to say, the traffic just stops at 192.168.0.53 and is not sure where to go after that.

     

    Sorry for my English and lack of clarity in explanation.

  • Hi Ariff and welcome to the UTM Community!

    Kevin gave you the answer above.  You need Static Gateway routes.  If the IP of your core switch is 192.168.0.1, then you would need '{192.168.122.0/24} -> {192.168.0.1}', etc.

    Another solution would be to define all three VLANs on one NIC and then change the core switch to include all three on the connection to the UTM.  This would be a solution that would simplify your configuration and future changes.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
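    To make the advice from Kevin and Bob concrete, here is an added worked example (not from this thread, and not Sophos code) that models what a packet from a VPN client needs in this topology: the destination must be pushed to the client via "Local networks", the UTM must have a route for it that points at the core switch instead of its default gateway, the core switch must route the VPN pool back to the UTM, and ping has to be allowed separately because the "All" service only covers TCP and UDP. The addresses are taken from the thread; 192.168.0.1 for the core switch is Bob's assumption, the pool 10.241.2.0/24 is assumed from the 10.241.2.1 hop in the later traceroute, and the upstream gateway 203.0.113.1 is a placeholder.

```python
import ipaddress

IP = ipaddress.ip_address
NET = ipaddress.ip_network

# Constructed topology following the thread. Core switch address and the
# VPN pool are assumptions; the ISP gateway is a placeholder.
VLAN1 = NET("192.168.0.0/24")
VLAN2 = NET("192.168.122.0/24")
VLAN3 = NET("10.101.111.0/24")
VPN_POOL = NET("10.241.2.0/24")
UTM_IP = IP("192.168.0.53")
CORE_SWITCH_IP = IP("192.168.0.1")
ISP_GATEWAY = IP("203.0.113.1")

# On the UTM the "All" service means TCP and UDP only; ICMP is a separate tab.
SERVICE_PROTOCOLS = {"All": {"tcp", "udp"}}


class RoutingTable:
    """Minimal longest-prefix-match table. next_hop None = directly connected."""

    def __init__(self, routes):
        self.routes = [(NET(n), None if nh is None else IP(nh)) for n, nh in routes]

    def lookup(self, dst):
        matches = [(n, nh) for n, nh in self.routes if IP(dst) in n]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def check_vpn_reachability(dst, proto, pushed_networks, utm, core_switch,
                           firewall_rules, icmp_allowed):
    """Return the reasons a VPN client cannot reach dst over proto (empty list = OK)."""
    dst = IP(dst)
    problems = []

    # 1. Client side: only "Local networks" are pushed as routes into the tunnel.
    if not any(dst in NET(n) for n in pushed_networks):
        problems.append("destination is not in SSL VPN 'Local networks'; "
                        "the client never sends it into the tunnel")

    # 2. Forward path on the UTM: every VLAN the UTM is not directly connected
    #    to needs a static route towards the core switch.
    route = utm.lookup(dst)
    if route is None:
        problems.append("UTM has no route to the destination")
    elif route[0].prefixlen == 0:
        problems.append(f"UTM sends the destination to its default gateway {route[1]}; "
                        f"add a static route via {CORE_SWITCH_IP}")

    # 3. Return path: replies from the VLANs must come back to the UTM, so the
    #    core switch needs a route for the VPN pool (its default route is enough).
    back = core_switch.lookup(VPN_POOL.network_address + 1)
    if back is None or back[1] != UTM_IP:
        problems.append("core switch does not route the VPN pool back to the UTM")

    # 4. Firewall: ping is not part of the "All" service, it has its own tab.
    if proto == "icmp":
        if not icmp_allowed:
            problems.append("ICMP is not enabled on the firewall's ICMP tab")
    elif not any(VPN_POOL.subnet_of(NET(r["src"])) and dst in NET(r["dst"])
                 and proto in SERVICE_PROTOCOLS.get(r["service"], set())
                 for r in firewall_rules):
        problems.append(f"no firewall rule allows {proto} from the VPN pool to the destination")
    return problems


# The core switch is directly connected to all three VLANs and defaults to the UTM.
CORE_SWITCH = RoutingTable([(str(VLAN1), None), (str(VLAN2), None), (str(VLAN3), None),
                            ("0.0.0.0/0", str(UTM_IP))])
# Firewall rules: VPN pool -> each VLAN with service "All".
FIREWALL_RULES = [{"src": str(VPN_POOL), "dst": str(v), "service": "All"}
                  for v in (VLAN1, VLAN2, VLAN3)]
LOCAL_NETWORKS = [str(VLAN1), str(VLAN2), str(VLAN3)]


def utm_without_static_routes():
    """The situation in the opening post: only VLAN1 and the pool are known."""
    return RoutingTable([(str(VLAN1), None), (str(VPN_POOL), None),
                         ("0.0.0.0/0", str(ISP_GATEWAY))])


def utm_with_static_routes():
    """Kevin's and Bob's fix: VLAN2 and VLAN3 via the core switch."""
    return RoutingTable([(str(VLAN1), None), (str(VPN_POOL), None),
                         (str(VLAN2), str(CORE_SWITCH_IP)), (str(VLAN3), str(CORE_SWITCH_IP)),
                         ("0.0.0.0/0", str(ISP_GATEWAY))])


if __name__ == "__main__":
    for label, utm in (("before", utm_without_static_routes()), ("after", utm_with_static_routes())):
        for host in ("192.168.0.10", "192.168.122.10", "10.101.111.10"):
            issues = check_vpn_reachability(host, "tcp", LOCAL_NETWORKS, utm,
                                            CORE_SWITCH, FIREWALL_RULES, icmp_allowed=False)
            print(f"{label:6} {host:16} {'OK' if not issues else '; '.join(issues)}")
```

    Run it and the "before" table shows VLAN1 hosts reachable but VLAN2/VLAN3 traffic leaving via the default gateway, which matches what the opening post describes; "after" clears all three. Passing `proto="icmp"` with `icmp_allowed=False` reproduces Bob's point that a working route can still fail a ping test.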
  • Hi BOB,

     

    I have included that in the static gateway routes but am still not able to get through to my server. I'm not able to ping my core switch when I get connected via PPTP or SSLVPN.

     

     

    LAN_SG (includes all the VLANs in my network)

    Gateway LAN 1 (is my core switch IP address)

  • Pinging is regulated on the 'ICMP' tab of 'Firewall'.  The "All" Service only includes TCP and UDP - none of the other IP Protocols are included.  Check the Firewall log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob for your reply. I have checked the option in the ICMP tab and there's no difference. From my traceroute, the path stops at 10.241.2.1, which I understand is the gateway for the SSLVPN default DHCP pool. Is there anything I need to allow or add so that the packet knows where to go after reaching the gateway, or is there something wrong with my configuration?