Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions Unable to access remote access VPN L2TP Client from main office

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 7 replies
Answers 1 answer
Subscribers 40 subscribers
Views 2928 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to access remote access VPN L2TP Client from main office

shahzaib 5 months ago

Hi

I am trying to ping/RDP L2TP client from Main office but unable to access but through L2TP client I can access my office network.

Thank you

Policy tester

Rules and policies

NAT Rule

This thread was automatically locked due to age.

Top Replies

Sreenivasulu Naidu 4 months ago in reply to Mayur Makvana +2 suggested

Hi @ shahzaib , pls ensure to enable Firewall rule to allow ICMP echo request on your Laptop (Windows?)

Parents

0 Sreenivasulu Naidu 5 months ago

Hi shahzaib , what is the use-case you are trying out by pinging the virtual ip assigned to the L2TP client?

You should be able to ping virtual ip assigned to the L2TP client from SFOS or from the LAN client of SFOS (as per your diagram).

Do you have Firewall rule enabled to accept LAN to VPN for the hosts of interest? if not, this is required.

Do this while pinging virtual ip assigned to the L2TP client either from SFOS or from LAN client of SFOS

tcpdump -n host <l2tp ip> and icmp

In working case, you should be seeing packets egressing from ppp0 interface and ingressing back.
Cancel
Vote Up 0 Vote Down

Cancel
0 shahzaib 4 months ago in reply to Sreenivasulu Naidu

Actually we have some users that are working from remote, we need to give them technical support via RDP or VNC mostly are windows based clients.

I already created firewall rule and in policy tester it accept LAN to VPN (you can see screenshot above)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 shahzaib 4 months ago in reply to Sreenivasulu Naidu

Actually we have some users that are working from remote, we need to give them technical support via RDP or VNC mostly are windows based clients.

I already created firewall rule and in policy tester it accept LAN to VPN (you can see screenshot above)
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Mayur Makvana 4 months ago in reply to shahzaib

Hello shahzaib ,

Kindly start the ping from LAN PC to L2TP client assigned IP and collect the tcpdump as suggested by Sreenivasulu Naidu .

Below KBA is for the IPsec, but it does apply in your scenario for the log collection:

community.sophos.com/.../sophos-firewall-how-to-identify-the-communication-issue-with-up-and-running-ipsec-tunnel

Mayur Makvana
Technical Account Manager | Global Customer Experience
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Sreenivasulu Naidu 4 months ago in reply to Mayur Makvana

Hi @shahzaib , pls ensure to enable Firewall rule to allow ICMP echo request on your Laptop (Windows?)
Cancel
Vote Up +2 Vote Down

Cancel
0 shahzaib 4 months ago in reply to Sreenivasulu Naidu

Everything is allowed in laptops firewall

and you can see below SS it is detecting in route lookup but unable to ping
Cancel
Vote Up 0 Vote Down

Cancel
0 Sreenivasulu Naidu 4 months ago in reply to shahzaib

Hi shahzaib Please DM me, can take a look at your setup in a call.
Cancel
Vote Up 0 Vote Down

Cancel