Always on VPN

Hello All,

 

I apologise if I have missed a specific format or information. I didn't see any specific sets of rules or required information.

 

Has anyone had success with MS Always on VPN in lieu of the in-built XG options? This is on an XG 230. I have been asked to implement this solution for my company and have the two ports for IKEv2 set along with a rule for protocol 50 just in case after much anguish. 

 

It works in the network and a port scan shows 500 and 4500 having the correct services on an open port. I set up some DNAT rules, very limited. Basically just masquerading and the services for proto 50, ports 500 and 4500; also currently a reflexive rule as, to be honest, I'm running out of ideas. The rest of it is fairly unrestricted as I test. Any zone allowed etc.

 

Any feedback would be greatly appreciated.

  • Hi  

    As per my understanding, you are trying to configure MS always-on VPN. Could you please share more details on your setup?

    Is the MS VPN behind the XG firewall, and do you want to forward ports through the XG firewall so that users can connect from the WAN side to the VPN?

    More information would help us to assist you better.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hello  

    Thank you for your response.

     

    I am trying to forward the ports to the service. It is behind one of the XG. Here is a view of the firewall rule for it. Not much to it. 

     

    I am able to connect internally, and the external port scan appears correct. However, I am given a message about the firewall/NAT settings.

     

    I am sorry if I've missed something. If there is specific information please ask and I would be happy to add the correct information.

     

    Thank you again.
