

VPN IPSEC Client can't connect to one specific Device on the local network.

Hello,

I've got a strange problem getting a connection from a VPN IPSEC Client to a single device (IP-Camera) that is connected to the LAN.

The XG-Firewall is running the DHCP- and DNS-Server. What I've noticed is that the camera lacks a "client hostname" on the IPv4-lease-list (Network/DHCP Menu).

Can this be an issue? The IP-Cam has a static lease.

From inside the LAN the IP-Cam can be reached without any problems. The VPN Client can also connect to other devices located in the same LAN as the IP-Camera without any problems. The issue is only with the IP-Camera.

I've tried to assign a manual DNS-Host-Entry to the IP-Camera but that did not resolve the problem. In addition there is no firewall rule that blocks the traffic to the IP-Cam.

Thanks in advance for any help.

Regards,

Marc



  • Hi Marc,
    Did you try to ping the camera?
    Did you try different VPN users / client destinations?
    Which protocol do you use to access the camera?
    Do you use the proxy?
    Check the firewall & WebFilter log for traffic from VPN-Client & Camera.
    Which IP do you have at VPN-Client (local IP & VPN-IP), Firewall, camera?
    Missing DNS should not be a problem.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello Dirk,

    thank you for your support.
    Yes, I tried to ping the cam without luck; the device is pingable from the LAN. Other devices on the same subnet are also reachable from the VPN client.
    I checked the policy of the VPN user and even created a new one with practically full access without any solution.
    Usually I use the RTSP stream of the cam, but even its simple HTTP web interface is not reachable.
    No, there is no proxy in the middle.
    The firewall log does not show anything blocked concerning the destination IP of the cam.
    The Firewall and the cam are in the 192.168.0.0/24 subnet, the VPN-Client range is set to 192.160.1.10 to 192.168.1.20.
    I've tried to assign another IP to the cam through the DHCP but no luck either.
    I am wondering why only the cam is affected with this issue and not other devices that are located in the same subnet.


     

  • Possibly the cam ignores the gateway from DHCP / should work from local subnet only ...?

    You may try to mask the traffic going to the cam.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello Dirk,

    your suggestion was a hit! Many thanks!

    I just tried the following NAT Rule (frankly, without knowing if it is 100% correct, if not please correct):


    Source: VPN Clients:192.168.1.10-192.168.1.20
    Service: Any service
    Destination: Cam

    Source: MASQ
    Service: Original
    Destination: Original

    Inbound: Any interface
    Outbound: Any interface

    I could narrow down the services used to the specific ports.

    It seems that the cam ignores the gateway config even if set manually without DHCP.

    Greets,

    Marc
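
The return path behind this fix, modelled as an added example (not part of the original posts and not Sophos configuration syntax): a host without a usable default gateway can only answer sources on its own subnet, so the MASQ rule works by making VPN traffic appear to come from the firewall's LAN address. The host addresses, the NAS device and the ports 554/tcp (RTSP) and 80/tcp (HTTP) are assumptions; only the subnets and the VPN range come from the thread.

```python
import ipaddress as ip

# Constructed addresses: the thread gives the subnets but not the individual hosts.
LAN = ip.ip_network("192.168.0.0/24")
FIREWALL_LAN_IP = ip.ip_address("192.168.0.1")   # assumed
CAM_IP = ip.ip_address("192.168.0.50")           # assumed
NAS_IP = ip.ip_address("192.168.0.60")           # assumed device that honours its gateway
VPN_CLIENT = ip.ip_address("192.168.1.10")       # first address of the VPN range


def in_range(addr, first, last):
    return ip.ip_address(first) <= addr <= ip.ip_address(last)


def snat(src, dst, proto, port, rules):
    """Return the source address the LAN host sees after the firewall's NAT rules."""
    for r in rules:
        if (in_range(src, *r["src_range"]) and dst == r["dst"]
                and (r["services"] is None or (proto, port) in r["services"])):
            return FIREWALL_LAN_IP   # MASQ: rewrite to the outbound interface address
    return src                       # no rule matched: source is left untouched


def reply_delivered(seen_src, host_gateway):
    """Can the LAN host get its reply back to the address it saw as the source?"""
    if seen_src in LAN:
        return True                  # on-link: answered directly, no gateway needed
    return host_gateway is not None  # off-link: needs a working default route


def reachable(dst, host_gateway, proto, port, rules):
    seen = snat(VPN_CLIENT, dst, proto, port, rules)
    return reply_delivered(seen, host_gateway)


# The rule from the thread: VPN range -> cam, any service, MASQ.
ANY_SERVICE = [{"src_range": ("192.168.1.10", "192.168.1.20"),
                "dst": CAM_IP, "services": None}]
# Narrowed variant: only RTSP and the HTTP web interface (assumed default ports).
NARROWED = [{**ANY_SERVICE[0], "services": {("tcp", 554), ("tcp", 80)}}]

if __name__ == "__main__":
    print("NAS, no NAT:        ", reachable(NAS_IP, FIREWALL_LAN_IP, "tcp", 80, []))
    print("cam, no NAT:        ", reachable(CAM_IP, None, "tcp", 80, []))
    print("cam, MASQ any:      ", reachable(CAM_IP, None, "tcp", 80, ANY_SERVICE))
    print("cam, narrowed, ping:", reachable(CAM_IP, None, "icmp", None, NARROWED))
```

With the narrowed rule, ping from the VPN client fails again while RTSP and HTTP keep working. Because the cam only ever sees the firewall's address as the source, per-user attribution of VPN access has to come from the firewall logs.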
