No outbound traffic from LAN to VPN

I'm from a UniFi background where everything is nice and simple point and click so sorry for yet another “I cant connect post” but I’ve followed most of the threads I can find but still struggle.

 

A quick summary. I’ve configured SSL VPN (Remote access) but can’t seem to access any network resources or ping any ip’s

 

I can see data in bound on the packet capture tool, but nothing flowing the other direction. Also looking at the firewall rules, it seems data is coming from VPN but not heading backout which is where I think the problem is. But I cant fathom it out.

 

Any ideas?

 

 

 

 

 

 

  • Hello Pete,

    Thank you for contacting your Sophos Community!

    Are you using v18 or v17.5?

    1) I would recommend you to change in your VPN to LAN Firewall rule the source zone to be VPN

    2) Make sure under System >> Administration >> Device Access >> Local Service ACL, Ping is selected for VPN and LAN

    3) Make sure you don't have any conflicting rules above this Firewall rule

    4) Sometimes hosts will not reply to packets that come from a different subnet, in this case, please check the Masquerading option in the VPN to LAN firewall rule you created

    5) Run the following command from the Advanced Shell of the Xg (Connect using Putty and after authenticating with the Admin user, press 5 >3)  to confirm the packet flow

    #tcpdump -eni tun0 host Y.Y.Y.Y and proto ICMP (Y.Y.Y.Y = IP you got on your SSL VPN) to stop press ctrl + c

    #tcpdump -eni any host X.X.X.X and host Y.Y.Y.Y and proto ICMP (X.X.X.X = IP you are trying to ping, Y.Y.Y.Y is the SSL VPN IP) to stop press ctrl + c 

    #cish 

    console> drop-packet-capture 'host Y.Y.Y.Y' (Y.Y.Y.Y = IP you got on your SSL VPN) if you see anything here it means the XG is dropping this traffic. 


    If the issue still persists let me know.

    Regards,