Cannot access anything from SSL VPN

Hello karnalta ,

Thanks for reaching out to Sophos Community.

Could you confirm if you enabled ICMP on your UTM? Further, could you perform a telnet to a machine/server on the network e.g port 80 and share result? 

Further, could you also try to tracert on the destination address? Also, Do you have an L3 switch with VLAN routing right down your Sophos UTM? 

Do see any drop messages from source IP on the Logs when trying to perform the steps above? Does this happen to all remote users or only isolated case?

Thanks and regards,

Hello,

Yes ICMP is enabled for ping.

I have no telnet client installed right now but I am block at simply pinging the UTM from the VPN network, so I am not sure what you would like me to telnet to.

I have Cisco SG500 switches configured with multiple VLAN behind the UTM but at the moment I don't think it can cause trouble in the mix. I don't "leave" the UTM when I try to ping it from the VPN ?

One thing I am not sure about is the Sophos Connect network information here, is that normal that it have no Remote Netwoork ip range ?

And tracert on the UTM address (10.0.5.254) give nothing except time out.

Thank for your help.

Hello,

Yes ICMP is enabled for ping.

I have no telnet client installed right now but I am block at simply pinging the UTM from the VPN network, so I am not sure what you would like me to telnet to.

I have Cisco SG500 switches configured with multiple VLAN behind the UTM but at the moment I don't think it can cause trouble in the mix. I don't "leave" the UTM when I try to ping it from the VPN ?

One thing I am not sure about is the Sophos Connect network information here, is that normal that it have no Remote Netwoork ip range ?

And tracert on the UTM address (10.0.5.254) give nothing except time out.

Thank for your help.

Hello karnalta ,

Upon checking, it seems you are using the same subnet for your SSL VPN Pool and local network, probably causing overlap.

Could you change your SSL VPN Pool to a different network scheme and see if it would help fix the issue? 

Regards,

I already did the test but nothing.

In local network of the VPN profil, I used our the subnet 10.0.5.0/24 which is our real production network (VLAN 5) and as VPN Pool 10.0.50.0.

I also added a firewall rule to allow the VPN Pool through "Any port" to our 10.0.5.0/24 network but I still can't ping anything in the 10.0.5.0/24 network.

If I perform an ipconfig, is it normal that the Sophos TAP Adapter has no gateway ?

Hello, 

Thanks for your response. Does this happen to other machines as well? and what operating system are affected?

Could you try uninstalling the client> reboot the machine > download the client again > install client as admin

kindly let us know the outcome. 

Many thanks for your time and patience and thank you for choosing Sophos.

Regards,

I am currently setting it up, so I am the only one trying it. I have tested with OpenVPN on my ChromeBook and I have the same issue. The OpenVPN log give an error that may give a clue but I don't really understand it.