Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 1957 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot access HTTP via SSL VPN but can via IPSec

Shawn Hartford

I have two sites, one a SG215 and one a SG230, both running firmware 9.603-1. If I connect via a IPSec VPN, everything works fine but the link is really slow. If I connect via a SSL VPN everything works fine except I cannot access HTTP sites on the remote site. Speed is a lot better, but for some reason access HTTP is timing out. I've tried a bunch of tweaks and nothing seems to work. Very weird, hoping someone has some ideas. 



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Do you see any block page or error while accessing the HTTP Pages from the remote site? Also, make sure you've added correct Local and Remote Networks in the configuration. The other thing, when you access HTTP pages of the remote site from your site, make sure traffic does not pass through the Web Filtering. You may add the remote network in the Transparent Skip List and then create a Firewall rule to allow the traffic.

    Regards

    Jaydeep

  • 0 in reply to Jaydeep

    I get the basic Sophos landing page that the remote site timed out, no block pages though. I know the remote and local networks are assigned properly as I can access all other resources, like RDP, files, printers, etc. betweem both sites.

    I'll look into the Web Filtering, that may be it. I'll add the remote network in each others Skip List and see if that helps. 

    What firewall rule though would I make? I've created a VPN connection on each side with the option to auto create the firewall rules, which I assume allows all traffic from the remote network? What additional firewall rules might I need?

    Thanks for the ideas!

    Shawn

  • 0 in reply to Shawn Hartford

    Hi Shawn and welcome to the UTM Community!

    The automatic rules should be fine.

    In fact, properly configured, IPsec should be faster than the SSL VPN.  If you want help with that, please open a thread in the VPN forum.

    Chees - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    True,

     

    if i remember correctly just to make an estimate, you can double the amount of reccomended SSL VPNs to get the round about amount of ipsec VPNs you could do right?

    Given that IPsec needs to be faster than SSL otherwise the conclusion above would work.

    Regards

    Jason

    Sophos Certified Architect - UTM

Reply
  • 0 in reply to BAlfson

    True,

     

    if i remember correctly just to make an estimate, you can double the amount of reccomended SSL VPNs to get the round about amount of ipsec VPNs you could do right?

    Given that IPsec needs to be faster than SSL otherwise the conclusion above would work.

    Regards

    Jason

    Sophos Certified Architect - UTM

Children
No Data
Unfiltered HTML