SSLVPN routes

I have a firewall that has a public IP address of 22.22.22.22

When I connect via SSLVPN with FULL tunnel, the Sophos Connect client adds a static route to 22.22.22.22 through the local clients firewall/internet, but routes all OTHER traffic over the tunnel.

Is there a way I route the clients actual WAN IP over the tunnel, as I need to do a DNAT for traffic hitting the clients public IP address over internal connections only (which SSLVPN is)

Edited TAGs
[edited by: emmosophos at 5:41 PM (GMT -8) on 21 Nov 2023]

Top Replies

dirkkotte 20 days ago +1

Hi Stuart James, the first part: "When I connect via SSLVPN with FULL tunnel, the Sophos Connect client adds a static route to 22.22.22.22 through the local clients firewall/internet, but routes all…

Parents

0 dirkkotte 20 days ago

Hi Stuart James,

the first part: "When I connect via SSLVPN with FULL tunnel, the Sophos Connect client adds a static route to 22.22.22.22 through the local clients firewall/internet, but routes all OTHER traffic over the tunnel." is necessary, because the traffic to the VPN-Gateway cant go through the tunnel ... like configured for all the other traffic.

The second part: sorry, I don't understand what you're trying to achieve

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 dirkkotte 20 days ago

Hi Stuart James,

the first part: "When I connect via SSLVPN with FULL tunnel, the Sophos Connect client adds a static route to 22.22.22.22 through the local clients firewall/internet, but routes all OTHER traffic over the tunnel." is necessary, because the traffic to the VPN-Gateway cant go through the tunnel ... like configured for all the other traffic.

The second part: sorry, I don't understand what you're trying to achieve

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Stuart James 19 days ago in reply to dirkkotte

1. User connects to SSLVPN

2. User tries to go to WAN IP address of firewall on port 8888

3. Traffic with destination of WAN IP on port 8888 goes across SSLVPN tunnel

At the moment it doesn't, it goes out through local internet because Sophos Connect adds a static route for the WAN IP to go through local router
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel