
Sophos XG 310 v18 VPN error

SSL VPN is getting connected,

but I cannot access the servers.

I can only access the user portal with the local IP.

Here is the status:

Fri May 07 14:19:36 2021 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{E826F4A4-40F9-4514-BF05-96DC2FF2BF80}.tap
Fri May 07 14:19:36 2021 TAP-Windows Driver Version 9.21
Fri May 07 14:19:36 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.2.0/192.168.2.6/255.255.255.0 [SUCCEEDED]
Fri May 07 14:19:36 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.2.6/255.255.255.0 on interface {E826F4A4-40F9-4514-BF05-96DC2FF2BF80} [DHCP-serv: 192.168.2.254, lease-time: 31536000]
Fri May 07 14:19:36 2021 Successful ARP Flush on interface [48] {E826F4A4-40F9-4514-BF05-96DC2FF2BF80}
Fri May 07 14:19:36 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 07 14:19:36 2021 MANAGEMENT: >STATE:1620377376,ASSIGN_IP,,192.168.2.6,,,,
Fri May 07 14:19:40 2021 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Fri May 07 14:19:40 2021 MANAGEMENT: >STATE:1620377380,ADD_ROUTES,,,,,,
Fri May 07 14:19:40 2021 C:\Windows\system32\route.exe ADD 118.185.202.85 MASK 255.255.255.255 192.168.0.1
Fri May 07 14:19:40 2021 Route addition via service succeeded
Fri May 07 14:19:40 2021 C:\Windows\system32\route.exe ADD 172.16.2.0 MASK 255.255.255.0 192.168.2.5
Fri May 07 14:19:40 2021 Route addition via service succeeded
Fri May 07 14:19:40 2021 C:\Windows\system32\route.exe ADD 118.185.202.85 MASK 255.255.255.255 192.168.0.1
Fri May 07 14:19:40 2021 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=15]
Fri May 07 14:19:40 2021 Route addition via service failed
Fri May 07 14:19:40 2021 Initialization Sequence Completed
Fri May 07 14:19:40 2021 MANAGEMENT: >STATE:1620377380,CONNECTED,SUCCESS,192.168.2.6,118.185.202.85,8443,192.168.0.195,50492



  • FormerMember
    0 FormerMember

    Hi Nadan, Thanks for reaching out to Sophos Community.

    As per these log lines, the 172.16.2.0/24 network is pushed by the firewall to be accessible over the VPN. Are you trying to access resources that are in the same network?

    Ensure that a LAN to VPN rule is in place to allow communication to your LAN.

    You can always run a packet capture in the GUI from Diagnostics > Packet Capture and configure a packet capture based on the IP you're trying to ping/access.



    Save and start the packet capture and hit refresh to see the logged packets. Share the snapshots here as well (feel free to drop a DM if you don't want to post snapshots publicly).
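
Added example (not part of the original thread and not Sophos tooling): a Python script that reads the client log lines posted in the question and lists which networks are actually routed into the tunnel, so you can confirm that the server you are trying to reach lies in a pushed network before moving on to firewall rules and packet capture. The target addresses 172.16.2.10 and 172.16.3.10 are constructed for illustration.

```python
import ipaddress
import re

# Lines copied from the client log in the question (only the ones that matter here).
SAMPLE_LOG = r"""
Fri May 07 14:19:36 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.2.0/192.168.2.6/255.255.255.0 [SUCCEEDED]
Fri May 07 14:19:40 2021 C:\Windows\system32\route.exe ADD 118.185.202.85 MASK 255.255.255.255 192.168.0.1
Fri May 07 14:19:40 2021 C:\Windows\system32\route.exe ADD 172.16.2.0 MASK 255.255.255.0 192.168.2.5
Fri May 07 14:19:40 2021 C:\Windows\system32\route.exe ADD 118.185.202.85 MASK 255.255.255.255 192.168.0.1
"""

TUN_RE = re.compile(r"TUN subnet mode network/local/netmask = ([\d.]+)/([\d.]+)/([\d.]+)")
ROUTE_RE = re.compile(r"route\.exe ADD ([\d.]+) MASK ([\d.]+) ([\d.]+)", re.IGNORECASE)


def tunnel_routes(log):
    """Return (tunnel subnet, networks whose gateway sits inside that subnet)."""
    m = TUN_RE.search(log)
    if m is None:
        raise ValueError("no TAP/TUN subnet line found in log")
    tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(3)}")
    routed = []
    for dest, mask, gateway in ROUTE_RE.findall(log):
        net = ipaddress.ip_network(f"{dest}/{mask}")
        # A route goes through the VPN only if its gateway is a tunnel address.
        # The /32 to the VPN server itself uses the local LAN gateway and is skipped.
        if ipaddress.ip_address(gateway) in tunnel and net not in routed:
            routed.append(net)
    return tunnel, routed


def reachable_via_vpn(log, target):
    """True if the client would send traffic for `target` into the tunnel."""
    tunnel, routed = tunnel_routes(log)
    ip = ipaddress.ip_address(target)
    return ip in tunnel or any(ip in net for net in routed)


if __name__ == "__main__":
    tunnel, routed = tunnel_routes(SAMPLE_LOG)
    print("tunnel subnet:", tunnel)
    print("pushed networks:", ", ".join(str(n) for n in routed))
    for target in ("172.16.2.10", "172.16.3.10"):  # constructed target addresses
        state = "routed via VPN" if reachable_via_vpn(SAMPLE_LOG, target) else "NOT routed via VPN"
        print(f"{target}: {state}")
```

If the target is not routed via the VPN, the network is missing from the pushed routes; if it is routed and still unreachable, the firewall rule and packet capture steps above are the next place to look.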
