Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 6 subscribers
  • Views 2988 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with VOIP in VPN SSL Connected

Luis Miguel Diego

La conexión de VPN funciona correctamente pero necesito que el software de Alcatel PIMPhony, inatalado en el pc funcione al usarlo mediante la VPN y falla.

Creo que el problema es que la centralita IP a la que conecta tiene asociado el pc con la IP que utiliza en la LAN  192.168.2.104 y al llegar con la ip asignada en la VPN no lo reconoce 10.0.0.X

Habría alguna opción de que la IP presentada en la LAN fuera la ip de la LAN habitual y no la Ip asignada en la VPN?

Gracias por vuestra ayuda, un saludo



This thread was automatically locked due to age.
Parents
  • 0

    Hola Luis and welcome to the UTM Community!

    I'm not sure I've understood your question, but if you're using the SSL VPN, you can create a masquerading rule like 'VPN Pool (SSL) -> Internal'.  Did that give you the result you need?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello and thank you for your help

    I try to explain you the case 

     

    When I am with the PC in the LAN all it's ok

    192.168.2.104 (IP for my PC in the LAN)       <->        192.168.2.200 (IP for the IP PBX)

    The software of the PBX send and receive the information to the PC perfect but when I conect the PC to the LAN using the VPN

    10.242.2.8 (IP for my PC in the VPN)

    it doesn´t work ok I think that the reason is that de PBX receive the information with the VPN IP and it can't response because the software has the IP of the PC with the IP of the LAN 192.168.2.104

    I don´t know if is possible that the PC can send the information to the LAN with the IP 192.168.2.104 when you are connected to the VPN.

    When I am connected to the LAN I can send PING to the PBX (192.168.2.200) and that is ok.

    Regards.

Reply
  • 0 in reply to BAlfson

    Hello and thank you for your help

    I try to explain you the case 

     

    When I am with the PC in the LAN all it's ok

    192.168.2.104 (IP for my PC in the LAN)       <->        192.168.2.200 (IP for the IP PBX)

    The software of the PBX send and receive the information to the PC perfect but when I conect the PC to the LAN using the VPN

    10.242.2.8 (IP for my PC in the VPN)

    it doesn´t work ok I think that the reason is that de PBX receive the information with the VPN IP and it can't response because the software has the IP of the PC with the IP of the LAN 192.168.2.104

    I don´t know if is possible that the PC can send the information to the LAN with the IP 192.168.2.104 when you are connected to the VPN.

    When I am connected to the LAN I can send PING to the PBX (192.168.2.200) and that is ok.

    Regards.

Children
  • 0 in reply to Luis Miguel Diego

    Did you try my suggestion to create a masquerading rule, Luis?

    The IP examples help.  If you still need help, please show a simple diagram incluing IPs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to Luis Miguel Diego

    Is your local LAN segment (192.168.2.x) included in the SSL VPN range? And if so can you reach other devices in your LAN when connected to the VPN?

    If the PBX can only communicate to the local network and not beyond it may be lacking a default gateway. If it just can't communicate outside te local LAN by design, then you can setup a masquerading rule as Balfson has suggested.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    Hello,

    I have this mask

    and I have this POOL

    When I connect from Internet with VPN I have one IP in my PC like 10.242.2.8 and I can send a PING to the PBX 192.168.2.200 and this it's ok.

    I think that the problem is that the software of the PBX try to connect to my PC with the IP 192.168.2.104 that it's the IP that my PC have in the LAN and that is the problem.

    I show you some more information

    But if I try to connect from other computer in the LAN to the IP 192.168.2.104 is impossible and if I try to connect to the 10.242.2.8 I also can´t connect.

     

    Thank you for your help again.

    Regards.

  • 0 in reply to Luis Miguel Diego

    Okay, I'll try to help some more.

    Connecting from the LAN to the VPN client is usually not necessary because the connection would normally be initiated from the client to the server (which is reachable now). Through this open connection the server can answer back (You ping reply for example is traffic coming back from the LAN to the VPN client).

    If your PBX for some reason MUST communicate with with 192.168.2.104 than you may need to configure a SNAT rule like this:

    Traffic from: VPN user name (User Network)     (Make sure to use the entry with the username of the VPN user with (User Network) behind it so it only applies to this 1 user
    Using Service: any  (or be more restrictive by only allowing the ports that you really need, but for test any is the easiest)
    Going to: PBX (if it doesn't exist yet than create a host definition for your PBX using it's IP-address 192.168.2.200)

    Change the source to: LAN-PC-IP (also create a host definition for this if it doesn't already exist, it's the IP-address 192.168.2.104 which is normally your LAN PC IP)
    And the service to: <leave this empty especially when you are NATting more than 1 port like any above)

    Check the mark for Automatic firewall rule so the traffic is also allowed once the NAT rule is turned ON.

    Under Advanced check the mark for Log initial packets so you can see in the firewall log that the traffic is being sent

    After saving the NAT rule make sure to turn it on, because it is OFF by default. Then try again.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Unfiltered HTML