
VPN users accessing IPsec joined subnet

Hi there, 

I have an SG VM connected to an XG VM via IPsec.

Both networks work great while on LAN, but I have an issue where remote access (L2TP VPN) users connecting to the XG firewall can't access the subnet connected to the SG.

How can I set up so remote users have access to the whole network (both subnets)?

Thanks in advance!

 



  • I have a firewall rule on the XG which VPN clients are connecting to, which is set to accept all connections from (source VPN) to (destination SG LAN).

    Remote users are getting a DHCP lease from the DC on the XG LAN.

    Why would there need to be a rule on the SG firewall considering there is an IPsec connection between the two firewalls?

    Under the L2TP settings the remote network is set to Any, so I would assume it should route VPN traffic authenticated on the XG to the SG network.

    Thanks for the help

  • Hi Time Traveler and welcome to the UTM Community!

    If "How to allow remote access users to reach another site via a Site-to-Site Tunnel" doesn't resolve your issue, do #1 in Rulz. Any luck?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the update,

    I had a look, but I can't add the L2TP VPN pool to the remote networks in Site 2 as it's using a specific range of DHCP addresses coming from our DC in Site 1 (they are already in the "Site1 LAN" remote network).

    In effect I would have assumed that because L2TP users have a Site 1 LAN address they could access Site 2 over site to site.

  • So, you saw nothing relevant in either the Firewall or Intrusion Prevention log?

    We would need to look at a simple diagram of what's where.  Obfuscate IPs like 82.x.y.14, 10.x.y.14 and 192.168.x.14.

    Cheers - Bob

     