This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN CONNECTED can't access my internal server

hello dear's

I have a problem connecting with Sophos SSL VPN


The connection worked fine when I connected to the internal network using Sophos Connect but I am unable to see the servers on the internal network

I checked all the settings and it turned out to be correct
I created a new base for SSL VPN
I removed Sophos Connect and re-installed it, but nothing new

#Does DNAT Rule have anything to do with this scenario or not?



This thread was automatically locked due to age.
  • How do you try to reach the server? name or IP ? explorer or ping?
    First try to ping a device without local firewall like a printer (windows devices may not answer ping requests)
    Try to ping your server
    Do a traceroute to such these devices and post the result.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Maybe you should temporarily remove the DNAT rule for port 443. Or you use another port for the SSL-VPN, like 8443.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • I already check the configuration and every things is OK

    the connection is stablsh succssfuly between sophos client to internal LAN but can't ping to my server

    * my internal server's is ofline not publish in internet and no traffic between my internal server's to internet

    # the target (access internal server's from outside only )

  • Please check traffic is hitting the firewall under MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on configure Enter BPF string host 10.1.10.101 and proto ICMP

    from SSH go to option 4 : 

    console>tcpdump 'host <Server IP> and proto ICMP

    console>dr  'host  <ServerIP> and proto ICMP

    Thanks and Regards

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hello,

    it is really hard working with you on sucessfully troubleshooting this.

    Why don't you just answer our questions?

    Or try things we suggest?

    If everything is configured "OK" and the connection is "successful", then it would work like it should, wouldn't it?

    So try to give is some more useful infos and the things we asked for. THANK YOU,

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • hello Dear
    have a good day
    I would like to thank you for your support and interest, but I would like to sincerely apologize to you for this because I am a new member in using the Sophos community and I am trying to be familiar with all its aspects.
    I hope you accept my apology

  • no worries you can share a screenshot of the packet capture under MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on configure Enter BPF string host 10.1.10.101 and proto ICMP in case you need assistance 

    Also, check tcpdump and drop packet capture  from SSH option 4:     

    console>tcpdump 'host <Server IP> and proto ICMP

    console>dr  'host  <ServerIP> and proto ICMP

    Thanks and Regards

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Did you solve this?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.