Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 1962 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't access external services from SSL VPN

David Webb

Hello.

Now that everyone is working remotely I've encountered a few issues accessing things outside our network from the SSL VPN.  SFTP (SSH on port 22) is the main one of these.  It connects fine from inside the office but not via the SSL VPN.

When I run a traceroute to something outside our network on the VPN it uses the UTM as the 1st hop then everything else times out, as if it doesn't have a route out.

What am I missing?  I've looked in the firewall logs but there isn't a single entry for the SSL VPN subnet despite me creating firewall rules and enabling logging.  I've also ensured there is a masquerading rule but still no luck.

Any tips appreciated!



This thread was automatically locked due to age.
Parents
  • 0

    Hi David,

    Please show a picture of the Edit of the SSL VPN Remote Access Profile.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I have figured out what is causing it.  Because there is no way to configure DHCP reservations for the SSL VPN Pool I have created SNAT and DNAT rules for each user to simulate having the same IP each time (this is required for call recording on our soft phones).  When I disable these NAT rules the connection goes outside to the external SFTP server and connects as expected.

    This is the masquerading rule:

    And this is the VPN profile:

    Thanks,

    Dave

  • 0 in reply to David Webb

    Dave,

    why do you put "xxx VPN Pool (SSL)" in "local networks"? I never do this and I think this not necessary.

    Did you have a look at the manual?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to PhilippRusch

    OK, thanks for the tip, I misunderstood and thought it needed to be counted as a local network.  I have removed it now, and everything seems to be working as expected, but there is still no traffic in the firewall logs for the 10.242.2.0/24 subnet (just entries for hitting the admin portal on port 4444).

Reply
  • 0 in reply to PhilippRusch

    OK, thanks for the tip, I misunderstood and thought it needed to be counted as a local network.  I have removed it now, and everything seems to be working as expected, but there is still no traffic in the firewall logs for the 10.242.2.0/24 subnet (just entries for hitting the admin portal on port 4444).

Children
No Data
Unfiltered HTML