

Sophos XGS site-to-site SSL VPN static IP address for client

Hello,

I have Sophos XG 2300 with firmware 19.5.3 MR-3.

I'm trying to set a static IP address for a site-to-site SSL VPN client. Is there any way to achieve this?

Whatever I do, it keeps getting a leased IP address from the Global DHCP pool, or the VPN connection does not work.

I would like to set a firewall rule only for this VPN connection but I am unable to do so since no user or group can be used.



  • Whatever I do, it keeps getting a leased IP address from the Global DHCP pool, or the VPN connection does not work.

    Do you mean to say you are not able to reach the subnet over the site-to-site SSL VPN connection?

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • How are you configuring the static IP for the connection? Did you try selecting the "Use static virtual IP address" checkbox and specifying a static IP in the site-to-site SSL VPN config (in the image you have shared)? If not, please select it, download the .apc file again and upload it on the client side. Also, how are you checking the IP address of the site-to-site peer?

  • Hello,

    It seems the issue is with the OpenVPN community version. When I check "Use static virtual IP address" and fill in the address which I would like, it fails to connect with the message: ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to XXX.XXX.XXX.XXX -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server.

    When I use OpenVPN Connect I am able to connect to the VPN and I have the address which has been set. I have tried several different IPs; OpenVPN 2.6.10 or 2.6.9 fails to connect, while OpenVPN Connect connects with ease.

  • Are you connecting two different locations or remote users with OpenVPN?

    "Sophos Partner: Networkkings Pvt Ltd".


  • I am connecting two different locations. I use remote VPNs for users. This one is site-to-site.

  • ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to XXX.XXX.XXX.XXX -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server

    Where are you seeing this error? Is it when connecting remote users?

    When I use OpenVPN Connect I am able to connect to the VPN and I have the address which has been set. I have tried several different IPs; OpenVPN 2.6.10 or 2.6.9 fails to connect, while OpenVPN Connect connects with ease.

    Is this observation for the remote users?

  • I would suggest connecting the two locations with a route-based VPN if Sophos XG/S firewalls are available at both sites.

    Refer to the link: https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNRouteBasedCreate/index.html#introduction

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".
