Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions Sophos XGS site-to-site SSL VPN static IP address for client

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 7 replies
Answers 1 answer
Subscribers 40 subscribers
Views 1499 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS site-to-site SSL VPN static IP address for client

VGDtech 3 months ago

Hello,

I have Sophos XG 2300 with firmware 19.5.3 MR-3.

I'm trying to set a static IP address for a site-to-site SSL VPN client. Is there any way to achieve this?

Whatever I do it keeps getting leased IP address from Global DHCP pool or the VPN connection does not work.

I would like to set a firewall rule only for this VPN connection but I am unable to do so since no user or group can be used.

This thread was automatically locked due to age.

Top Replies

Nikhil Bhandari 3 months ago +1

How are you configuring the static IP for the connection ? Did you try selecting the "Use static virtual IP address" checkbox and specifying a static IP in the site-to-site sslvpn config (in the image…

Parents

0 Bharat J 3 months ago

VGDtech said:
Whatever I do it keeps getting leased IP address from Global DHCP pool or the VPN connection does not work.

You mean to say you are not able to reach subnet over site to site ssl vpn connection ?

Regards

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 VGDtech 3 months ago in reply to Bharat J

Hello,

it seems the issue is with OpenVPN community version. When I check "Use static virtual IP address" and fill in the address which I would like it fails to connect with a message: ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to XXX.XXX.XXX.XXX -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server.

When I use OpenVPN connect I am able to connect to the VPN and I have the address which has been set. I have tried several different IPs, OpenVPN 2.6.10 or 2.6.9 fails to connect, OpenVPN connect connects with ease.
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J 3 months ago in reply to VGDtech

Are you connecting two different location or remote user/s with OpenVPN ?

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Bharat J 3 months ago in reply to VGDtech

Are you connecting two different location or remote user/s with OpenVPN ?

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 VGDtech 3 months ago in reply to Bharat J

I am connecting two different locations. I use remote VPNs for users. This one is site-to-site.
Cancel
Vote Up 0 Vote Down

Cancel
0 Nikhil Bhandari 3 months ago in reply to VGDtech

VGDtech said:
ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to XXX.XXX.XXX.XXX -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server

Where are you seeing this error ? Is it when connecting remote users ?

VGDtech said:
When I use OpenVPN connect I am able to connect to the VPN and I have the address which has been set. I have tried several different IPs, OpenVPN 2.6.10 or 2.6.9 fails to connect, OpenVPN connect connects with ease.

Is this observation for the remote users ?
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J 3 months ago in reply to VGDtech

I would suggest you to connect the two location with route base vpn if both the sites Sophos XG/S firewall is available.

Refer the link :://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNRouteBasedCreate/index.html#introduction

Regards

"Sophos Partner: Networkkings Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel