
SSL VPN - Cannot get it to work

Hi Guys,

I'm at my wits' end with this one, and would greatly appreciate some help.

XG125 - FW 18.0.0

I am trying to get the SSL VPN set up and for the life of me just cannot get it to work.

My network is as follows. WAN -> ISP MODEM -> XG. Important to note the ISP modem doesn't have bridge mode. I've been looking at replacing it, but trying to find one that's compatible with NBN here in Australia with DHCP instead of PPPoE that has bridge mode is proving difficult, but that's another story.

So because the ISP modem doesn't have bridge mode, instead it is simply set to forward all ports to the XG. Because the XG sits behind the modem, the XG gets a WAN IP 192.168.0.2 address from the DHCP server on the ISP modem. To counteract this issue with the VPN, in VPN settings I have used the Override hostname and put in the static WAN IP assigned by the ISP.

I have set up a test user (myself), configured the VPN policy as per the Sophos Guide and put the Bridge interface that has all the LAN ports as Permitted resource.

I have created a firewall rule VPN_LAN -- Source: VPN; Source Network: Any; Destination Zone: Any; Destination Network: Any; Match Known Users: Added the test user account

I have a blanket unlinked NAT Rule - Source: Any; Service: Any; Destination: Any Host; Trans Source: MASQ; Service: Original; Destination: Original; Inbound: Any; Outbound: Port 2 (WAN)


I have downloaded the SSL Client and the config, but it simply will not connect. It just continually times out. Looking in the firewall logs, it's not even registering any attempts either.

Does anyone have any ideas?

  • Hello, on your ISP modem did you create a port forwarding rule to forward the 8443 port to your XG WAN IP address (192.168.0.2)? In the permitted resources of your SSL VPN configuration I suggest you create a network host object with your LAN network range (e.g. 192.168.1.0/24) and place it as a permitted resource instead of your bridged LAN ports. And in your firewall rule, you should specify a destination zone, like LAN. And it should work.

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • Hi,

    ISP Modem is in DMZ mode so forwarding all ports.

    I created a network object called LAN with the internal network range and set as permitted resource.

    Still not working.
