We started using Connect and like it so far. We have a number of office locations all connected via IPSEC VPN and they all talk perfectly for normal LAN traffic.
When outside the LAN the Connect auto connect works great. And when we are on the main office LAN Connect sees we are on the LAN and doesn't connect. Perfect!
Main office 192.168.1.x (LAN) 50.x.x.x (WAN)
The problem is when you are in another office ex: 192.168.5.x (LAN) auto connect doesn't think you are on the LAN and tries to start the tunnel. We set up the Auto Connect tunnel option in Connect admin to an accessible spot on 192.168.1.x and you can ping that resource perfectly from the remote offices, but Connect decides you are not on the LAN network and tries to connect via the VPN.
The only thing I noticed was that when you are on the "home office" LAN the autoconnect resource takes <1 ms to ping. When you are at a remote office it takes 20-30 ms to ping.
We have all employees regardless of remote office location connecting to the main office (that's where all the servers are).
It is obvious for the connection latency when traffic is sent directly as a part of LAN against the VPN connection.
Would you check into the events to see if there is anything mentioned over there? That will give us some idea why Sophos Connect does establish a VPN connection even when it can ping the target host.
In reply to Jaydeep:
Which events are you talking about? I see there are numerous logs in the Connect folder.
In reply to davepetrangelo:
I am talking about the events before the connection is established. You should be able to track it by timestamp. Does it specify anything about not being able to connect to the target host?
I'm feeling silly here... Where do I find this info??
Windows Event Viewer? VPN Log in Connect? One of the many logs in the Connect folder?
Apologies for not clarifying in detail. You should find enough details in the Sophos Connect Client event viewer. However, if you don't find enough details there, you should click the About page on the Sophos Connect Client, which contains a ‘Generate TSR’ button that is used to generate the following client log files: charon, sa_events, scvpn and SophosConnectGui_log.
At this point, it would be worth a Support case to identify the issue.
I think I found it - there was an extra "-" in the auto connect target name.
I also added set client DNS suffix to the Domain.
So far no issues - fingers crossed.
Thanks for the help, Jaydeep.
I'm glad that it worked out.