Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

A VPN Client to Manage multiple IPSEC VPNs?

Is there something similar to the SonicWall Global VPN Client for the XG's?  We've made a hard shift from SonicWall to Sophos, but have just realized what a boon the GVC was for managing our equipment.  I've tried ShrewSoft with no luck, I can't seem to locate the old Cisco VPN Client that is supposed to work.  What solution are you folks using to managed your XGs?



This thread was automatically locked due to age.
Parents
  • Hi Jake,

    You can locate Cisco VPN client by navigating to the options highlighted in the attached screenshot.

    You can use SSL VPN Client to connect over VPN to manage your Local network equipment from remote end. I read about ShrewSoft and it's a remote access IPSec VPN, the same feature can be used with XG by configuring a remote access IPSec VPN. 

    Please let me know for any further assistance.   

    Thanks

    Sachin

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • Hi Jake,

    You can locate Cisco VPN client by navigating to the options highlighted in the attached screenshot.

    You can use SSL VPN Client to connect over VPN to manage your Local network equipment from remote end. I read about ShrewSoft and it's a remote access IPSec VPN, the same feature can be used with XG by configuring a remote access IPSec VPN. 

    Please let me know for any further assistance.   

    Thanks

    Sachin

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
  • Thank you Sachin,

    I more meant that I could not find the actual client, now that Cisco no longer supports it.

    As far as configuring a remote access IPSec VPN to work with ShrewSoft's client, I have thus been unsuccessful in getting this to work, do you have any documentation on getting this set up?

    Thanks again,

    Jake

  • Hi Jake,

    Greetings.

    You cannot find the Cisco Client, you can just configure that on XG. You have to download the Cisco Client from any open source.

    Remote Access IPSec is a paid service on XG Appliance and we have our custom Remote Access IPSec VPN Client to connect on this services. We do not have any documentation for configuring Shrew Soft with IPSec VPN on XG.

    I suggest you to use our custom VPN Client, so that it will be easy for us to support you on the same.

    Thanks

    Sachin

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Sachin,

    This is exactly what I am looking for, but I thought it was only available for the UTM's.   Can you direct me towards where we can aquire this and any documentation you have on it's setup?

    Thanks,

    Jake

  • I tried the Sophos IP Sec VPN Client (looks like a rebranded NCP client). That wouldn't import the connection file.

    I have also tried the CyberRoam client as suggested by one of your colleagues, but I can get the tunnel up, but it gives itself a 10.10.10.10 address with no gateway on it so traffic cant go anywhere.

    Is it me, or is the client vpn stuff not fully baked yet?

    Sophos XG Certified Administrator

  • Definitely not fully baked.  Word back from our support ticket is that the Sophos IP Sec client is not supported on the XG's as of yet.  We were directed to try the CyberRoam VPN and have got it working, but not sure what to do once the trial runs out.  WE've put in a feature request here if you want to upvote it:
    http://feature.astaro.com/forums/330219-sophos-xg-firewall/suggestions/13005783-support-for-the-sophos-ipsec-vpn-client

    As to the 10.10.10.x address, we were able to get things working even with that address. Need to create a firewall policy that allows for the source VPN any host to destination LAN any host.  This will NAT you through and give you access to the LAN even with the 10.10.10.x address.

  • Thanks Jake,

    Can you confirm that when you had the 10.10.10.10 client IP address you also had nothing entered as a gateway for it?

    I do have remote access through RDP to major things, but nothing quite beats a proper VPN where I can use all the tools directly off my tablet to manage things.

    I have upvoted.....

    Sophos XG Certified Administrator

  • Yeah, no gateway.  It's not exactly comforting, but we've come to accept that there are some serious quirks with the XG's and always it's painful to be an early adopter.

    If you're still running into issues getting traffic to pass, let me know and I'll see if the guy who figured it out on our team minds sharing his document out.

  • I forgot the rule! ;-)

    Got it working now, but couldn't using the sophos client, so have used the client (on trial at the moment) that it's based on. It's TheGreenBowVPN and seems to offer more features too which I am exploring.

    Thanks for the input.

    Sophos XG Certified Administrator