This discussion has been locked.

Can't connect VPN outside

  • FormerMember

    Hey Jalal, 

    Please provide more details on the issue. Which type of VPN is it?

  • VPN SSL remote access. Our employees can't access or connect to the VPN from outside the country, but from inside the country they can connect to and access the same SSL VPN remote access.

  • Hello Jalal,

    Good day!

    Please troubleshoot SSL VPN remote access connectivity as follows:

    Here, we need to identify whether the firewall is receiving traffic on the SSL VPN port from the client's public IP or not.

    Verify the SSL VPN traffic flow from the console

    Log in to the command-line interface (CLI) and select 4: Device Console. Run the following command, which uses the default SSL VPN port 8443, to analyze the output.

    tcpdump "port 8443"

    Verify the drop packet capture for SSL VPN

    Log in to the command-line interface (CLI) and select 4: Device Console, then run the following command, which uses the default SSL VPN port 8443.

    drop-packet-capture "port 8443"

    Verify the logs from the advanced shell

    Log in to the command-line interface (CLI) and select 5: Device Management then 3: Advanced Shell and type the following command:

    tail -f /log/sslvpn.log

    The same SSL VPN client logs are also required from the end client machine.

    Also, please verify the firewall rule which is processing the traffic.

    In the event that the SSL VPN connects successfully but users are not able to connect to the allowed resources behind the Sophos XG Firewall, verify if a firewall rule is created and configured. If any specific service is selected in this rule, try allowing any service and check the connectivity.

    -----------------------

    Thanks & Regards,

    Nilesh Mojidra

    If a post solves your question, use the 'Verify Answer' link.

  • Logs from the machine:

    21:28:09.485501 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 68: 172.16.16.2.443 > 196.150.32.59.43143: Flags [S.], seq 3154152405, ack 2634517918, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 1], length 0
    21:28:09.653794 Port2, IN: In ec:ad:e0:49:91:4c ethertype IPv4 (0x0800), length 62: 196.150.32.59.43143 > 172.16.16.2.443: Flags [.], ack 1, win 32, length 0
    21:28:09.654769 Port2, IN: In ec:ad:e0:49:91:4c ethertype IPv4 (0x0800), length 72: 196.150.32.59.43143 > 172.16.16.2.443: Flags [P.], ack 1, win 32, length 16
    21:28:09.654792 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 56: 172.16.16.2.443 > 196.150.32.59.43143: Flags [.], ack 17, win 14600, length 0
    21:28:09.654870 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
    21:28:10.104977 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
    21:28:10.608970 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
    21:28:11.616969 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
    21:28:13.636973 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
    21:28:17.680975 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
    21:28:25.760973 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
    21:28:26.147416 Port2, IN: In ec:ad:e0:49:91:4c ethertype IPv4 (0x0800), length 76: 196.150.32.59.43142 > 172.16.16.2.443: Flags [S], seq 1666651032, win 65535, options [mss 1300,sackOK,TS val 907407213 ecr 0,nop,wscale 12], length 0
    21:28:26.147507 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 68: 172.16.16.2.443 > 196.150.32.59.43142: Flags [S.], seq 4024258472, ack 1666651033, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 1], length 0
    21:28:26.311367 Port2, IN: In ec:ad:e0:49:91:4c ethertype IPv4 (0x0800), length 62: 196.150.32.59.43142 > 172.16.16.2.443: Flags [.], ack 1, win 32, length 0
    21:28:26.314560 Port2, IN: In ec:ad:e0:49:91:4c ethertype IPv4 (0x0800), length 72: 196.150.32.59.43142 > 172.16.16.2.443: Flags [P.], ack 1, win 32, length 16
    21:28:26.314582 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 56: 172.16.16.2.443 > 196.150.32.59.43142: Flags [.], ack 17, win 14600, length 0
    21:28:26.314662 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43142: Flags [P.], ack 17, win 14600, length 28
    21:28:26.477378 Port2, IN: In ec:ad:e0:49:91:4c ethertype IPv4 (0x0800), length 62: 196.150.32.59.43142 > 172.16.16.2.443: Flags [.], ack 29, win 32, length 0
    21:28:28.441013 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 72: 172.16.16.2.443 > 196.150.32.59.43142: Flags [P.], ack 17, win 14600, length 16
    21:28:28.884960 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 72: 172.16.16.2.443 > 196.150.32.59.43142: Flags [P.], ack 17, win 14600, length 16
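
Added example, not part of the original thread or of Sophos tooling: a Python script that reads tcpdump output in the format posted above and flags data segments that one side keeps re-sending, together with the highest ack the other side returned. The name `analyze`, the `min_sends` threshold and the "same ack and length" heuristic are assumptions (this capture prints no sequence numbers on data segments); `CAPTURE` is a subset of lines copied from the post above.

```python
import re
from collections import defaultdict

# Subset of the capture posted above (client port 43143), copied verbatim.
CAPTURE = """\
21:28:09.654769 Port2, IN: In ec:ad:e0:49:91:4c ethertype IPv4 (0x0800), length 72: 196.150.32.59.43143 > 172.16.16.2.443: Flags [P.], ack 1, win 32, length 16
21:28:09.654792 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 56: 172.16.16.2.443 > 196.150.32.59.43143: Flags [.], ack 17, win 14600, length 0
21:28:09.654870 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
21:28:10.104977 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
21:28:10.608970 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
21:28:11.616969 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
21:28:13.636973 Port2, OUT: Out 00:e0:20:15:0f:ee ethertype IPv4 (0x0800), length 84: 172.16.16.2.443 > 196.150.32.59.43143: Flags [P.], ack 17, win 14600, length 28
"""

# time, src > dst, TCP flags, ack number, TCP payload length (last "length" on the line)
LINE = re.compile(r"(\d+):(\d+):(\d+\.\d+) .*?: (\S+) > (\S+): Flags \[([^\]]+)\]"
                  r".*? ack (\d+),.*length (\d+)\s*$")

def analyze(text, min_sends=3):
    """Flag payload segments sent min_sends+ times with identical ack/length."""
    sends, peer_ack = defaultdict(list), defaultdict(int)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or "S" in m.group(6):
            continue  # unparsable line, or SYN/SYN-ACK (absolute numbers)
        h, mi, s, src, dst, _flags, ack, length = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)  # no midnight wrap handling
        peer_ack[(src, dst)] = max(peer_ack[(src, dst)], int(ack))
        if int(length) > 0:
            sends[(src, dst, int(ack), int(length))].append(t)
    findings = []
    for (src, dst, _ack, length), times in sends.items():
        if len(times) >= min_sends:
            findings.append({
                "sender": src, "receiver": dst, "payload": length,
                "sends": len(times),
                # Gaps that keep growing are the TCP retransmission backoff.
                "gaps": [round(b - a, 3) for a, b in zip(times, times[1:])],
                # Highest relative ack the receiver sent back to the sender.
                "receiver_max_ack": peer_ack.get((dst, src), 0),
            })
    return findings

if __name__ == "__main__":
    for f in analyze(CAPTURE):
        print(f)
```

A sender that repeats the same segment with growing gaps while the receiver's ack never advances means the segment or its acknowledgement is being lost between the two endpoints. Comparing the result with the client-side log requested above shows which direction is affected.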
