
SSL VPN Access

Hi guys,

I have a question, if someone can help.

In Sophos XG I have created the IPsec tunnels between the head office and branch office.

But strangely I am not able to ping the branch office through SSL VPN but the I can.

I have checked the FW rules and SSL policies; everything looks fine.

Can someone give an idea?

Best regards 

Nazir



  • Hi, as said above, have you configured the SSL VPN pool inside the tunnel between branch office and head office? And also, is the branch-office subnet included in the SSL VPN config?

    Lastly you should also allow traffic from the branch office firewall so in branch office allow traffic from 10.242.2.0 subnet.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Dear Apijnappels, 

    Thanks for your comment. I have checked the above: the SSL VPN pool is added inside the IPsec tunnel rule between the branch office and the head office. Also, the head-branch office subnet is included in the SSL VPN config under the tunnel access. But what I found strange when I checked the SSL VPN client log is that the route is deleted, see screenshot, please.

    If you like we can make a remote session

  • Looks like in the logs the routes are first deleted and then re-added. Not sure why this happens, but as they are re-added this should be good.

    Have you also checked whether you have firewall rules in the branch office allowing traffic from SSL-pool to branch office LAN?



  • The same SSL VPN pool subnet 10.242.2 I am using for the UTM SSL pool and it works in the branch office; it means there should be no firewall block in the branch office.

  • Not sure if I get you correctly, but do you have SSL-VPN configured in Branch office with same subnet 10.24.2.0/24 as you have in head office?

    If so then that is the reason for the routing issue, since in that case the branch office will not send traffic for 10.242.2.0/24 network back to head office.



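The checks suggested in the replies above (SSL VPN pool present in both tunnel definitions, branch LAN permitted for SSL VPN users, no pool overlap at the branch) can be run offline against exported subnet lists. This is an added example, not part of the thread or any Sophos tooling; the dictionary keys and every subnet except 10.242.2.0/24 are constructed, and it assumes a firewall delivers traffic for networks it owns locally instead of sending it into the tunnel, as the last reply describes.

```python
import ipaddress

def net(s):
    return ipaddress.ip_network(s)

def covered(target, nets):
    """True if `target` lies inside any network listed in `nets`."""
    return any(net(target).subnet_of(net(n)) for n in nets)

def check_ssl_over_ipsec(ho, branch):
    """Findings that stop head-office SSL VPN clients reaching the branch LAN."""
    findings = []
    pool = ho["ssl_pool"]
    # The pool must be a tunnel selector on both ends, or it is never encrypted.
    if not covered(pool, ho["tunnel_local"]):
        findings.append("HO tunnel: SSL VPN pool not in local subnets")
    if not covered(pool, branch["tunnel_remote"]):
        findings.append("Branch tunnel: SSL VPN pool not in remote subnets")
    # SSL VPN clients only receive routes for permitted networks.
    for lan in branch["lan"]:
        if not covered(lan, ho["ssl_permitted"]):
            findings.append(f"HO SSL VPN: {lan} not in permitted networks")
    # If the branch owns an overlapping range, replies never enter the tunnel.
    own = branch["lan"] + ([branch["ssl_pool"]] if branch["ssl_pool"] else [])
    for n in own:
        if net(pool).overlaps(net(n)):
            findings.append(
                f"Branch owns {n}, overlapping HO pool {pool}: replies stay local")
    return findings

# Constructed sample configuration; only 10.242.2.0/24 comes from the thread.
HO = {
    "ssl_pool": "10.242.2.0/24",
    "tunnel_local": ["192.168.10.0/24", "10.242.2.0/24"],
    "ssl_permitted": ["192.168.10.0/24", "192.168.20.0/24"],
}
BRANCH_SAME_POOL = {
    "lan": ["192.168.20.0/24"],
    "ssl_pool": "10.242.2.0/24",   # same pool as head office
    "tunnel_remote": ["192.168.10.0/24", "10.242.2.0/24"],
}
BRANCH_OWN_POOL = dict(BRANCH_SAME_POOL, ssl_pool="10.243.2.0/24")

if __name__ == "__main__":
    for label, b in (("same pool", BRANCH_SAME_POOL), ("own pool", BRANCH_OWN_POOL)):
        print(label, check_ssl_over_ipsec(HO, b) or "no findings")
```

Firewall rules are not modelled here; the rule allowing the SSL VPN pool into the branch LAN still has to be checked on the branch firewall.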