Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to Reach RED hosts from Remote SSLVPN - Urgent help needed

HI - Time sensitive here, back against the wall (will pay outside consultant if needed). Sophos Partner, long out of the loop. 

I have (2) REDS.   Both are reachable from main XG network. I am unable to reach the RED hosts from the SSL VPN.

REDS are in standard split tunnel

RED1 - 10.20.30.0/24
RED2 - 10.20.31.0/24
XG LAN 192.160.0.0/24 (don't ask, I inherited)
SSLVPN 10.81.234.5/24 (oddity there in definition, but should work as it i a /24)

Defined host networks for all.
REDS  have local subnet and ssl subnet in split network settings boz
Firewall rule to allow SSL network to RED networks
Logs show nothing being blocked. 

I am at my wits end and have to have these routing by Friday. 

Any help would be appreciated. 



This thread was automatically locked due to age.
Parents
  • Hello,

    Adding to what Raphael has mentioned.

    I recommend you start some TCP dumps in the firewall and the devices behind the RED to see how far the Ping is getting from the devices using SSL VPN.

    When in the Advanced shell of the Sophos Firewall, enter ifconfig, so you can see the interface names for the tcpdump/

    example of tcpdump

    # tcpdump -eni tun0 host 10.81.234.10 and host 10.20.30.10

    The tcpdump above will tell the Sophos Firewall to check for pings coming from the SSL VPN interface going to the host

    #tcpdump -eni redsx host x.x.x.x.x

    The above would be for the interaction of the RED device; substitute the X accordingly.

    Also, confirm that the SSL VPN devices don't have an overlapping subnet with one of the RED devices, and make sure the devices behind the RED have the local firewall disabled.


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply
  • Hello,

    Adding to what Raphael has mentioned.

    I recommend you start some TCP dumps in the firewall and the devices behind the RED to see how far the Ping is getting from the devices using SSL VPN.

    When in the Advanced shell of the Sophos Firewall, enter ifconfig, so you can see the interface names for the tcpdump/

    example of tcpdump

    # tcpdump -eni tun0 host 10.81.234.10 and host 10.20.30.10

    The tcpdump above will tell the Sophos Firewall to check for pings coming from the SSL VPN interface going to the host

    #tcpdump -eni redsx host x.x.x.x.x

    The above would be for the interaction of the RED device; substitute the X accordingly.

    Also, confirm that the SSL VPN devices don't have an overlapping subnet with one of the RED devices, and make sure the devices behind the RED have the local firewall disabled.


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Children
No Data