
SSL VPN Network Access

I'm pulling my hair out trying to figure out why our SSL VPN users all of a sudden cannot access the network resources. For the most part I moved 99% of our users over to IPsec VPN setups, but in some cases, like accessing from China, IPsec does not allow connections. A few months ago I quickly set up an SSL VPN user for a staff person visiting China, and all went well. This same staff person is going again in a few weeks, so I asked them to test the user, and it authenticates OK but just does not have access to any of the network resources, and I have no idea why.

I created a second user to test myself and same problem. I am using Sophos Connect 2.3.2. Anything you can think of that I have missed?

Thanks

  • When you say you "quickly setup" that SSL VPN, did you rely on the generation of "automatic firewall rules"?

    Maybe this firewall rule doesn't fit anymore? Since the automatic rules are generated at the bottom of the fw rules list, maybe above there is another rule overriding it?

    As a last thing, you could delete this user's SSL-VPN configuration and use the SSL-VPN configuration assistant again.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • I have not performed a TCPDump as mentioned, but this is weird. So I made a temporary user about 3 months ago to get my staff person connected while in another country, and it worked perfectly. When he got back I simply disabled the account. Since they are making another trip, I thought I would make a proper account, called it "secureuser", and set it up exactly as the previous disabled account. The account authenticates no problem but can't access the network resources. This bugged me, so I decided to make the original account active and test; it worked like a charm. Both users are in the same VPN grouping that I use in the firewall rule. Maybe for whatever reason groups don't work or there is a bug; I'm now curious whether they will both work if I list the users individually.
