Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-toSite VPN cannot access XG on remote site using normal 4444 port.

I have set up a iPsec VPN between 2 sites (Site A 192.168.99.x, Site B 192.168.1.x)

The VPN works fine and I can access servers on SITE B from SITE A via RDP connections using local IP's

However If I try to access the XG device at SITE B (https://192.168.1.3:4444) from SITE A it will not connect. - I have also found other connections on SITE B are also not found including the Sophos Firewall Manger device (hardware). I can ping these device with no problem from SITE A -> SITE B - very strange ?

 

Running ( XG210 (SFOS 17.1.1 MR-1) )



This thread was automatically locked due to age.
Parents Reply Children
  • Maybe i can provide some kind of Workaround.

     

    Let me paint the picuture.

     

    Client with Browser - Router - Ipsec Tunnel - XG - Webadmin Interface(192.168.190.1/24)

     

     

    On The Router (SG / XG / Whatever), i apply following iptables command. 

    iptables -t mangle -I POSTROUTING -d 192.168.190.1/32 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900
    
     

    __________________________________________________________________________________________________________________

  • Hi,

     

    It's seems to work when I apply a 900 MSS on the LAN Interface.

     

    So now, what's the impact on the trafic or anything else if I let this like that ?

     

    Thanks.

    Ludo.