

Use Remote Access SSL VPN to reach 4 different internal networks

Hello,

We convert the configuration from UTM 135 to XGS 136 and we have one problem with Remote Access SSL VPN and sNAT.

With the UTM we have a C2S SSL VPN for home office users to the main office (1).

The main office has 3 additional S2S connections to other locations (networks) (2-4).

Users can also reach these networks (2-4) through this C2S VPN by using sNAT pointed to the internal FW IP.

The traffic is transferred by sNAT to the other three networks 2-4.

This works fine with the UTM but we can't get it to work with the XGS.

Please see below the configuration we have done.

In the connection list we can see that ping uses the rule, but we get no ping or connection to the networks 2-4.



This thread was automatically locked due to age.
  • Hi Peter,

    Thank you for reaching out to Sophos Community.

    Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?

    Can you check the Log viewer/packet capture to determine what has happened to the packet?

    Also, if possible, kindly share the screenshot.

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • Hi Erick,

    I have seen many videos, documentation, ... but nothing that shows the scenario with sub networks behind the main office. Only for the UTM can I find some descriptions. Some additional information: the S2S VPNs from the main office to the 3 sub offices are new but use the same configuration as before with the UTM. 13 is the correct sNAT rule and 17 the correct firewall rule, so it looks like the rules are used for the connection.

    Just information about a test from a sub office: I can ping from sub to main office from the SG135 but don't get traceroute information. This works from sub to sub office.

    Best regards, Peter
