No access to the web admin via VPN-NAT since V20 MR1 update

Hello everyone,

We are accessing a customer appliance via IPSEC-S2S VPN.
Access is made to an IP that is NATed in the tunnel on the customer side and translated in the IPSec config on the customer side. Nothing special, has always worked.
In addition, there is an ACL with DST:ANY, which allows access from our SRC subnet, which is also in the tunnel.

Now to the problem - since the V20-MR1 update I can no longer access the web admin via VPN. SSH via VPN works. Access to the web admin via the WAN interface also works (I have extended the ACL for this, so it can't actually be the ACL).
Since it also works on the WAN interface, it is probably not due to the web service. The appliance has already been rebooted.

Does anyone have any ideas?

Kind regards!



This thread was automatically locked due to age.
  • Hi, thank you for reaching out to the Sophos community team. Please check whether the steps below help here!

    I suspect the TCP MSS side and fragmentation, which may lead to such issues when accessing resources over PBVPN IPsec.

    To fix such issues, MSS can be reduced for specific source and destination networks (with iptables commands) via a support ticket, so support may help with that.

    In the long run, the KBA solution below should help here if you want to reduce MSS without support intervention.

    Sophos Firewall: Periodic traffic drops on an IPsec site-to-site tunnel
    support.sophos.com/.../KB-000038555

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
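
The MSS suspicion in the reply above, worked through as an added example (not part of the original thread and not Sophos code): it computes how large a full-size TCP segment becomes after ESP tunnel encapsulation and which MSS would still fit, showing how a tunnel can pass small packets yet stall on full-size segments. The 1500-byte path MTU and the two cipher proposals are assumptions; the thread does not state the tunnel's settings.

```python
"""ESP tunnel-mode overhead vs. TCP MSS (added example; parameters are assumptions)."""
from dataclasses import dataclass

IPV4_HDR = 20      # outer and inner IPv4 header, no options
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes
NAT_T_UDP = 8      # UDP encapsulation header (UDP/4500)


@dataclass(frozen=True)
class EspTransform:
    name: str
    iv_len: int     # bytes of IV carried in each packet
    block: int      # padding alignment of the encrypted payload
    icv_len: int    # integrity check value (truncated MAC or GCM tag)


# Common proposals; which one the tunnel in the thread uses is not stated.
AES_CBC_SHA256 = EspTransform("AES-CBC + HMAC-SHA2-256-128", 16, 16, 16)
AES_GCM_16 = EspTransform("AES-GCM (16-byte ICV)", 8, 4, 16)


def esp_packet_size(inner_len: int, t: EspTransform, nat_t: bool = False) -> int:
    """Size on the wire of one inner IP packet after ESP tunnel encapsulation."""
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block  # round up
    fixed = IPV4_HDR + (NAT_T_UDP if nat_t else 0) + ESP_HDR + t.iv_len + t.icv_len
    return fixed + padded


def max_inner_packet(path_mtu: int, t: EspTransform, nat_t: bool = False) -> int:
    """Largest inner IP packet that still fits into path_mtu without fragmenting."""
    fixed = IPV4_HDR + (NAT_T_UDP if nat_t else 0) + ESP_HDR + t.iv_len + t.icv_len
    room = (path_mtu - fixed) // t.block * t.block   # whole cipher blocks only
    return room - ESP_TRAILER


def safe_mss(path_mtu: int, t: EspTransform, nat_t: bool = False) -> int:
    """TCP MSS to clamp to so full-size segments fit inside the tunnel."""
    return max_inner_packet(path_mtu, t, nat_t) - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    for t in (AES_CBC_SHA256, AES_GCM_16):
        for nat_t in (False, True):
            full = esp_packet_size(1500, t, nat_t)   # segment built with MSS 1460
            print(f"{t.name:30} nat_t={nat_t!s:5} full-size segment -> {full} B, "
                  f"clamp MSS to {safe_mss(1500, t, nat_t)}")
```

A segment built with the default MSS of 1460 exceeds 1500 bytes after encapsulation under every combination shown, so it is either fragmented or dropped along the path, while a small inner packet stays far below the limit.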
