
What is wrong with my remote-access SSL VPN settings !?

Hello everyone,

I am using Sophos XG v18.5 MR 4. This is my ACL matrix:

I have been following either one of these instructions to create a working remote-access SSL VPN:

_ Configure remote access SSL VPN with Sophos Connect client: https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/RemoteAccessVPN/VPNRemoteAccessSSLVPNSophosConnectClient/index.html

_ Sophos Firewall: Configure IPsec and SSL VPN Remote Access: https://www.youtube.com/watch?v=wXUmWX1kDx4 

_ Sophos XG Firewall (v18): How to configure SSL VPN remote access: https://www.youtube.com/watch?v=rFMD2Kb7dWA

I use OpenVPN Community Edition v2.4.12 to import and activate the .ovpn profile ( https://openvpn.net/community-downloads/ ). The remote connection has been established successfully; however, I cannot connect to any of the LAN resources or to the firewall's admin page itself.

What is wrong with my settings and (or) VPN client? Do I have to use the Sophos client instead of the OpenVPN client in order to connect?

Thank you very much in advance.



  • Hi J Thai,

    Thank you for sending a message to Sophos Community.

    Since the VPN connection is already established, have you created an FW rule ("VPN to LAN" rule) to allow access to local resources?

    Have you allowed it on the Permitted resources?

    Also, have you checked the logs, and what do they say when accessing the local resource?

    For more reference, kindly follow the KB guide for troubleshooting: support.sophos.com/.../KB-000036884

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • Hello buddy,

    Thanks for your reply. Here are my SSL VPN's permitted resources and firewall rule:

    Just a few more questions I would like to ask you. Sorry for being a noob:

    1. Do I have to add all the LAN subnets that I want to grant access to for the SSL VPN into the Permitted network resources IPv4 besides the Local Subnet, or is creating a VPN_to_LAN firewall rule alone enough?

    2. What purpose does the firewall rule I have created in the screenshot above have? If another VPN_to_LAN rule is to be created, is a NAT rule for it also necessary?

    3. In addition, I would also want to have Internet connectivity under the Sophos XG host's WAN IP when I am connecting via this VPN interface. What will the VPN_to_WAN rule look like, and is a NAT rule for it also needed?

    Thank you very much again. 

    HP T620 Plus @ Sophos XG v19.5.3 MR3 - Build 652.
