I followed this article:
but the vpn client doesn't get the static ip on the lan IP range.
do you know how I can get sophos to either assign specific IP's on the VPN IP range to specific clients (and then just add special rules to thoses IPs) or get it to actualy masquerade the source address.
I'm not good enough with VPNs to implement your proposed solution, but what's your use case? In other words, you have an actual problem you're trying to solve -- some kind of firewall/routing use case -- and you've thought it'll be simplest to have VPN clients masquerade as being actually on a particular LAN rather than on the VPN. But that feels to me like it could open up other problems and is probably not the most efficient way to solve the use cases I can think of.
Of course, you may have been told by management that you need to do this and so you have no choice, but... just asking.
Thank you for contacting the Sophos Community.
The client won’t get a Static IP if you follow that KB, what that KB does, shows you how to masquerade the traffic to trick your app into think the traffic is coming from a specific IP.
I would recommend you upgrade to V19 you have an option in the SSL VPN Global Settings to assign static IPs.
Hello Mousse ,Adding to what Wayne Folta & emmosophos said, this is a know issue:NC-66955 in v19 too. No more than one connection per user if the static IP address is configured. So if more than one connection is attempted, the first connection gets static IP and the subsequent connections get IP addresses from the dynamic pool. One IP address is configured for one remote access user, this IP address is persistent across disconnections. The IP address is one to one mapped to the remote access user.
Thanks & Regards,_______________________________________________________________
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.