I've been struggling with an issue for some time now, but cannot seem to find a straightforward way to get it to work properly. The thing is to get a SSL or IPsec remote user to connect to services behind an MPLS through an XG.
This is a scenario:
Head Office with XG in New York 192.168.0.1/24 WAN GW is the XG 10.0.0.1.
Branch Office with XG in London 192.168.1.1/24 WAN GW is the XG 10.0.0.1.
Both New York and London are connected through an MPLS on the LAN network and reached through static routes on 192.168.0.10 in New York and 192.168.1.10 in London respectively.
User1 in NY connects to XG through SSL and gets default DHCP IP assigned in range 10.81.234.0/24.
User1 in NY reaches devices on NY LAN 192.168.0.0/24 OK.
User1 cannot reach London devices on London LAN 192.168.1.0.
I’ve tried several configurations such as adding the SSL lease DHCP address range in NY to the London Network and vice-versa. I've also tried NATing the outgoing rule of the NY network going to London. Any brilliant mind with suggestions?
It looks like a Firewall Rule is missing... Please check this KB -> https://community.sophos.com/kb/en-us/123140 > The point I refer to is "Add firewall rules"; there you will have to allow the Zones to communicate with each other. ;)

Best regards
Eli.
In reply to Eli:
This is not really the case. There is no site-to-site established by the firewalls but rather by an MPLS through a telecom operator. The IPsec or SSL are remote users with IPSec or SSL clients.
In reply to @wajdiaa:
Hi @wajdiaa It would be great if you could share a network diagram to understand the scenario better so we may provide further assistance on the reported issue.
As per my understanding, you have to add the 192.168.1.1/24 network to the permitted networks of the SSL VPN configuration on the NY XG. Please also create a VPN to MPLS zone firewall rule on the NY XG, and use the packet capture utility to check on the NY XG that the traffic is being forwarded to London through the firewall. If it is forwarded, then check the MPLS to allow that traffic and also check whether London is receiving the traffic or not - https://community.sophos.com/kb/en-us/123189
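To make the two checks above concrete (does the NY XG route and permit the forward packet, and does the London side have a route back to the SSL VPN pool), here is an added illustrative model of the thread's topology in Python. It is not Sophos code and not an export of any XG configuration; the zone names, next hops and rule sets are assumptions built from the addresses given in the thread.

```python
import ipaddress

# Constructed topology from the thread (assumed values, not an XG config export).
VPN_POOL = ipaddress.ip_network("10.81.234.0/24")   # SSL VPN lease range on NY XG
NY_LAN = ipaddress.ip_network("192.168.0.0/24")
LONDON_LAN = ipaddress.ip_network("192.168.1.0/24")

# Route tables: (destination network, next hop or None for directly connected, egress zone).
NY_ROUTES = [(NY_LAN, None, "LAN"), (LONDON_LAN, "192.168.0.10", "MPLS"), (VPN_POOL, None, "VPN")]
LONDON_ROUTES_BASELINE = [(LONDON_LAN, None, "LAN"), (NY_LAN, "192.168.1.10", "MPLS")]
# The fix Keyur's reply implies on the far side: London must know the way back to the VPN pool.
LONDON_ROUTES_FIXED = LONDON_ROUTES_BASELINE + [(VPN_POOL, "192.168.1.10", "MPLS")]

# Zone-to-zone firewall rules on the NY XG, as (source zone, destination zone) pairs.
NY_RULES_MISSING = {("VPN", "LAN")}                   # only VPN -> LAN, no VPN -> MPLS rule
NY_RULES_COMPLETE = {("VPN", "LAN"), ("VPN", "MPLS")}


def lookup(routes, address):
    """Longest-prefix match; returns the (network, next_hop, zone) entry or None."""
    best = None
    for net, next_hop, zone in routes:
        if address in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, zone)
    return best


def path_ok(src, dst, ny_routes, ny_rules, london_routes, src_zone="VPN"):
    """Check the forward packet on the NY XG and the return route on the London side."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    fwd = lookup(ny_routes, dst)
    if fwd is None:
        return False, "NY XG: no route to destination"
    if (src_zone, fwd[2]) not in ny_rules:
        return False, f"NY XG: no firewall rule {src_zone} -> {fwd[2]}"
    if lookup(london_routes, src) is None:
        return False, "London: no return route for the SSL VPN pool (reply is dropped)"
    return True, f"ok via next hop {fwd[1]}"


def scenario_missing_rule():
    return path_ok("10.81.234.5", "192.168.1.20", NY_ROUTES, NY_RULES_MISSING, LONDON_ROUTES_FIXED)


def scenario_missing_return_route():
    return path_ok("10.81.234.5", "192.168.1.20", NY_ROUTES, NY_RULES_COMPLETE, LONDON_ROUTES_BASELINE)


def scenario_fixed():
    return path_ok("10.81.234.5", "192.168.1.20", NY_ROUTES, NY_RULES_COMPLETE, LONDON_ROUTES_FIXED)
```

The second scenario is the one a packet capture on the NY XG would not reveal by itself: the forward packet leaves towards 192.168.0.10, but the reply never comes back because the London side has no route for 10.81.234.0/24.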
This is how I understood your network setup:

That is the reason why I posted the KB provided. :D

Sincerely
Eli.
Misunderstood the remote client access. Will try asap.
In reply to Keyur:
Keyur, I'll forward to client to test and get back to me.