Sophos SSL VPN XGS116

Question

Hii 
 I have configure SSL VPN; this works well, and clients can connect.. The issue is that we can only access or connect to the devices or nodes that's it's gateway is the firewall IP, we other sophos GW but VPN client cannot access these until we change the gw to the one that has the ssll vpn.

Raphael Alganes · Answer

Hello Shoug, 
 Thanks for sharing these details. From what I understand, Only those whose Default gateway on Local subnet (172.16.100.0/21) is Sophos Firewall are able to establish connection? 
 -What is the Firewall IP (Default Gateway), What are the other DG IP on the local subnet? 
 The reason behind why they can connect back when SF is their DG is, SF knows the route back to SSL VPN network when you set another DG/router that does not know or do not have specific policy to connect to the SSL VPN network, traffic will fail. If you opt to go along the path where SF is not the DG, the router/DG must have a route to 10.81.234.0/24 network --> through the Sophos Firewall then SF --> SSL VPN Network. 
 If you do not have any complex reason or setup, I would suggest changing the LAN network DG to Sophos Firewall IP. 
 Kindly let me if my understanding on your setup is correct. Hope this helps and thank you for choosing Sophos. 
 Regards,

apijnappels · Answer

It was said in another answer above, but check your routes. 
 Every "other" gateway should have a route to the 10.81.234.0/24 network on the SSL Sophos firewall. Also those other firewalls should not have 10.81.234.0 configured locally otherwise traffic will never be able to get from this network to the firewall managing the SSL VPN. 
 SSL-clients in their turn will need the subnets for the other networks in the tunnel (or tunnel all traffic (use as default gateway option)). 
 Also the Sophos firewall with the SSL should have routes to the other firewalls subnets.