This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN users accessing IPsec joined subnet

Hi there,

I have an SG vm connected to an XG vm via ipsec.

Both networks work great while on LAN but I have an issue where remote access (LT2P vpn) users connecting to the XG firewall cant access the subnet connected to the SG.

How can I setup so remote users have access to whole network (both subnets)

Thanks in advance!

This thread was automatically locked due to age.

Parents

0 sachingurung over 5 years ago

Hi Marty,

Do you have a firewall rule for VPN to VPN communication on SG and XG both?

Thanks,

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 MartyMcFly over 5 years ago in reply to sachingurung

I have firewall rule on the XG which VPN clients are connecting to which is set to accept all connections from (source VPN) to (destination SG LAN).

Remote users are getting DHCP lease from DC on the XG LAN.

Why would there need to be a rule on the SG firewall considering there is an IPsec connection between the two firewalls?

Under the L2TP settings the remote network is set to Any so I would assume it should route VPN traffic authenticated on the XG to the SG network

Thanks for the help
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 MartyMcFly over 5 years ago in reply to sachingurung

I have firewall rule on the XG which VPN clients are connecting to which is set to accept all connections from (source VPN) to (destination SG LAN).

Remote users are getting DHCP lease from DC on the XG LAN.

Why would there need to be a rule on the SG firewall considering there is an IPsec connection between the two firewalls?

Under the L2TP settings the remote network is set to Any so I would assume it should route VPN traffic authenticated on the XG to the SG network

Thanks for the help
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 5 years ago in reply to MartyMcFly

Hi Time Traveler and welcome to the UTM Community!

If How to allow remote access users to reach another site via a Site-to-Site Tunnel doesn't resolve your issue, do #1 in Rulz. Any luck?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 MartyMcFly over 5 years ago in reply to BAlfson

Thanks for the update,

I had a look but I cant add the LT2P VPN pool to the remote networks in Site 2 as its using a specific range of DHCP addresses coming from our DC in Site 1 (they are already in the "Site1 LAN" remote network).

In effect I would have assumed that because LT2P users have Site 1 LAN address they could access Site 2 over site to site.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 5 years ago in reply to MartyMcFly

So, you saw nothing relevant in either the Firewall or Intrusion Prevention log?

We would need to look at a simple diagram of what's where. Obfuscate IPs like 82.x.y.14, 10.x.y.14 and 192.168.x.14.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel