SSLVPN routes

I have a firewall that has a public IP address of 22.22.22.22.

When I connect via SSLVPN with FULL tunnel, the Sophos Connect client adds a static route to 22.22.22.22 through the local client's firewall/internet, but routes all OTHER traffic over the tunnel.

Is there a way I can route the client's actual WAN IP over the tunnel, as I need to do a DNAT for traffic hitting the client's public IP address over internal connections only (which SSLVPN is)?



  • Why do you try to access your own external IP from inside your LAN (or SSL-VPN)?
    If this redirects to an internal resource, I would use split DNS to reach the internal resource directly.

    And ... while the SSL-VPN user tries to connect to the external IP over the internet ... it didn't work?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • For complicated reasons, DNS is not an option for this solution, although yes, ordinarily this would solve the problem. The port cannot be opened externally, it must be for internal users only.

    Yes, connecting to the external IP does not work. I cannot find a way to tell the Sophos SSLVPN to route traffic for that WAN IP across the tunnel.
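
Why a full-tunnel client keeps 22.22.22.22 outside the tunnel, as an added example that is not part of the original thread: a longest-prefix-match model of the client's route table. The gateway addresses, interface names and the pair of /1 tunnel routes are assumptions for illustration, not values taken from Sophos Connect.

```python
import ipaddress

# Constructed route table for a full-tunnel client. 22.22.22.22 is the firewall
# IP from the post; gateways, interface names and the /1 pair are assumptions.
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1", "lan"),     # client's original default route
    ("0.0.0.0/1",      "10.81.234.1", "tunnel"),  # full tunnel, lower half
    ("128.0.0.0/1",    "10.81.234.1", "tunnel"),  # full tunnel, upper half
    ("22.22.22.22/32", "192.168.1.1", "lan"),     # host route to the VPN endpoint
]


def lookup(dest, routes=ROUTES):
    """Return (prefix, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1], best[2]


def without_route(prefix, routes=ROUTES):
    """Copy of the table with one prefix removed."""
    return [r for r in routes if r[0] != prefix]


def endpoint_loops_into_tunnel(endpoint, routes):
    """True when the tunnel's own encrypted packets (sent to the VPN endpoint)
    would be routed back into the tunnel interface."""
    return lookup(endpoint, routes)[2] == "tunnel"


if __name__ == "__main__":
    for dest in ("22.22.22.22", "8.8.8.8", "203.0.113.10"):
        print(dest, "->", lookup(dest))
    stripped = without_route("22.22.22.22/32")
    print("endpoint loops without host route:",
          endpoint_loops_into_tunnel("22.22.22.22", stripped))
```

The /32 host route wins over the tunnel routes for 22.22.22.22 only. Removing it in this model sends the VPN's own outer packets into the tunnel interface, which is the condition the host route exists to prevent.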