This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN: Can't access LAN resources

I followed the guide here (https://community.sophos.com/kb/en-us/122769), to the letter (there's an issue with one of the screenshots with regards to IP range but I worked around it).  I used a the same IP ranges and IP addresses.

When I connect, I can't seem to access any machines on the VLAN1.1

VPN Rule:

Log from VPN Client:

 

Any ideas where I can start to troubleshoot this?



This thread was automatically locked due to age.
  • You used the same IP Address as your VLAN or as the KB? 

    __________________________________________________________________________________________________________________

    • For which part?  There are several places.  Just want to make sure I'm answering your question right...

      • Firewall rule:

         

        Hosts

         

         

        SSL VPN

        VPN Settings

        • Hello,

          The problem is that on the "permitted network ressources (IPV4)" you didn't specify your "local subnet" network range. 

          You have to work with host groups and not #port items in the vpn settings, and the same in your firewall rule for the vpn settings.

           

          Try with that and it should work ! 

           

          Regards

          Viken

          XG Certified Architect

          Sophos Gold Partner - Reseller from Lyon, France

          • OK so new firewall:

             

            New Hosts and services:

             Permitted network resources:

            ACL

             

            Does that look right?

            • Ahhhh.... there's a bug in Sophos where you can't add a Host Group to the permitted list by going to Hosts and Services.  When I create a host group there, it doesn't appear in the two places I needed to use it.  I had to click on the Permitted Groups and click create.  That let me add it to the list.

               

              So now I can connect and access local resources.

               

              One remaining issue is that I'm not able to get to places like google.com though.  So there's an issue with DNS.  Where should I be looking to fix that?

              My VPN Settings are:

               

              • This is because you selected "use as default gateway" in the ssl vpn settings, so if you didnt create a firewall rule allowing the VPN > WAN traffic, it's normal that you can't go on internet while connected to ssl vpn.

                 

                Regards.

                Viken

                XG Certified Architect

                Sophos Gold Partner - Reseller from Lyon, France

                • Well, that was easy.

                   

                  Thanks!!!

              • Hello,


                Could you please share a screenshot of your VPN (Remote Access) Setings, and another one of your "Show VPN settings" sections please.

                Viken

                XG Certified Architect

                Sophos Gold Partner - Reseller from Lyon, France