
Use Remote Access SSL VPN to reach 4 different internal networks

Hello,

We are converting the configuration from UTM 135 to XGS 136 and we have one problem with Remote Access SSL VPN and sNAT.

With the UTM we have a C2S SSL VPN for home office users to the main office (1).

The main office has 3 additional S2S connections to other locations (networks) (2-4).

Users can also reach these networks (2-4) through this C2S VPN by using sNAT pointed to the internal FW IP.

The traffic is transferred by sNAT to the other three networks 2-4.

This works fine with the UTM but we can't get it to work with the XGS.

Please see below the configuration we have done.

In the connection list we can see that ping uses the rule, but we get no ping or connection to the networks 2-4.



  • Hi Erick,

    No, the client can connect to the main office and reach the resources at the main office. But he isn't able to use the resources (networks) of the sub office, which are connected via IPSEC. There is no manual on how to configure this! The way I showed worked on the SG135, ... but not on the XG. I'm surprised that this normal use case is not documented.

    But the good news: I solved the problem by setting separate routes in console mode.

    console> system ipsec_route add net 10.182.0.0/255.255.0.0 tunnelname MainOffice2SubOffice1  (this is the name of your IPsec tunnel in the S2S VPN)

    I think that is very important additional information for all configurations with sub networks.

    Best regards, Peter
