
Assign static IP (from LAN IP range and not VPN IP range) to VPN clients


I followed this article:

But the VPN client doesn't get the static IP on the LAN IP range.

Do you know how I can get Sophos to either assign specific IPs on the VPN IP range to specific clients (and then just add special rules to those IPs) or get it to actually masquerade the source address?


  • I'm not good enough with VPNs to implement your proposed solution, but what's your use case? In other words, you have an actual problem you're trying to solve -- some kind of firewall/routing use case -- and you've thought it'll be simplest to have VPN clients masquerade as being actually on a particular LAN rather than on the VPN. But that feels to me like it could open up other problems and is probably not the most efficient way to solve the use cases I can think of.

    Of course, you may have been told by management that you need to do this and so you have no choice, but... just asking.

  • Hello there,

    Thank you for contacting the Sophos Community.

    The client won’t get a static IP if you follow that KB; what that KB does is show you how to masquerade the traffic to trick your app into thinking the traffic is coming from a specific IP.

    I would recommend you upgrade to V19, where you have an option in the SSL VPN Global Settings to assign static IPs.


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello  ,

    Adding to what  &  said, this is a known issue: NC-66955 in v19 too. No more than one connection per user is possible if the static IP address is configured. So if more than one connection is attempted, the first connection gets the static IP and the subsequent connections get IP addresses from the dynamic pool. One IP address is configured for one remote access user, and this IP address is persistent across disconnections. The IP address is mapped one-to-one to the remote access user.

    Thanks & Regards,

    Vivek Jagad | Team Lead, Global Support & Services 
