Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 41 subscribers
  • Views 13735 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSLVPN routes

Stuart James

I have a firewall that has a public IP address of 22.22.22.22

When I connect via SSLVPN with FULL tunnel, the Sophos Connect client adds a static route to 22.22.22.22 through the local clients firewall/internet, but routes all OTHER traffic over the tunnel.

Is there a way I route the clients actual WAN IP over the tunnel, as I need to do a DNAT for traffic hitting the clients public IP address over internal connections only (which SSLVPN is)



This thread was automatically locked due to age.
Parents
  • 0

    Hi Stuart James,

    the first part: "When I connect via SSLVPN with FULL tunnel, the Sophos Connect client adds a static route to 22.22.22.22 through the local clients firewall/internet, but routes all OTHER traffic over the tunnel." is necessary, because the traffic to the VPN-Gateway cant go through the tunnel ... like configured for all the other traffic.

    The second part: sorry, I don't understand what you're trying to achieve


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    1. User connects to SSLVPN

    2. User tries to go to WAN IP address of firewall on port 8888

    3. Traffic with destination of WAN IP on port 8888 goes across SSLVPN tunnel

    At the moment it doesn't, it goes out through local internet because Sophos Connect adds a static route for the WAN IP to go through local router

Reply
  • 0 in reply to dirkkotte

    1. User connects to SSLVPN

    2. User tries to go to WAN IP address of firewall on port 8888

    3. Traffic with destination of WAN IP on port 8888 goes across SSLVPN tunnel

    At the moment it doesn't, it goes out through local internet because Sophos Connect adds a static route for the WAN IP to go through local router

Children
No Data
Unfiltered HTML