This discussion has been locked.

Sophos XGS site-to-site SSL VPN static IP address for client

Hello,

I have a Sophos XG 2300 with firmware 19.5.3 MR-3.

I'm trying to set a static IP address for a site-to-site SSL VPN client. Is there any way to achieve this?

Whatever I do, it keeps getting a leased IP address from the Global DHCP pool, or the VPN connection does not work.

I would like to set a firewall rule only for this VPN connection but I am unable to do so since no user or group can be used.



  • Whatever I do, it keeps getting a leased IP address from the Global DHCP pool, or the VPN connection does not work.

    Do you mean to say you are not able to reach the subnet over the site-to-site SSL VPN connection?

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".


    • Hello,

      It seems the issue is with the OpenVPN community version. When I check "Use static virtual IP address" and fill in the address I would like, it fails to connect with the message: ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to XXX.XXX.XXX.XXX -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server.

      When I use OpenVPN Connect, I am able to connect to the VPN and I have the address which has been set. I have tried several different IPs; OpenVPN 2.6.10 or 2.6.9 fails to connect, while OpenVPN Connect connects with ease.

  • How are you configuring the static IP for the connection? Did you try selecting the "Use static virtual IP address" checkbox and specifying a static IP in the site-to-site SSL VPN config (in the image you have shared)? If not, please select it, download the .apc file again and upload it on the client side. Also, how are you checking the IP address of the site-to-site peer?