This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot access anything from SSL VPN

Hi guys,

I have just setup SSL VPN with Duo security proxy server. The VPN is working fine, I can log using Sophos Connect, get my Duo confirmation and end up connected with an IP address from the pool.

But then, I can't seem to access anything. My first step is simply to ping the UTM (ping is allowed through ICM) but it does not answer on any interfaces.

Here is a few screens from my actual setup (this is for testing purpose, not the final required setup) :

If you need anything else, just ask me.

Thank you for your help.



This thread was automatically locked due to age.
Parents
  • Hello  ,

    Thanks for reaching out to Sophos Community.

    Could you confirm if you enabled ICMP on your UTM? Further, could you perform a telnet to a machine/server on the network e.g port 80 and share result? 

    Further, could you also try to tracert on the destination address? Also, Do you have an L3 switch with VLAN routing right down your Sophos UTM? 

    Do see any drop messages from source IP on the Logs when trying to perform the steps above? Does this happen to all remote users or only isolated case?

    Thanks and regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hello,

    Yes ICMP is enabled for ping.

    I have no telnet client installed right now but I am block at simply pinging the UTM from the VPN network, so I am not sure what you would like me to telnet to.

    I have Cisco SG500 switches configured with multiple VLAN behind the UTM but at the moment I don't think it can cause trouble in the mix. I don't "leave" the UTM when I try to ping it from the VPN ?

    One thing I am not sure about is the Sophos Connect network information here, is that normal that it have no Remote Netwoork ip range ?

    And tracert on the UTM address (10.0.5.254) give nothing except time out.

    Thank for your help.

  • Hello  ,

    Upon checking, it seems you are using the same subnet for your SSL VPN Pool and local network, probably causing overlap.

    Could you change your SSL VPN Pool to a different network scheme and see if it would help fix the issue? 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply Children
  • I already did the test but nothing.

    In local network of the VPN profil, I used our the subnet 10.0.5.0/24 which is our real production network (VLAN 5) and as VPN Pool 10.0.50.0.

    I also added a firewall rule to allow the VPN Pool through "Any port" to our 10.0.5.0/24 network but I still can't ping anything in the 10.0.5.0/24 network.

    If I perform an ipconfig, is it normal that the Sophos TAP Adapter has no gateway ?

  • Hello, 

    Thanks for your response. Does this happen to other machines as well? and what operating system are affected?

    Could you try uninstalling the client> reboot the machine > download the client again > install client as admin

    kindly let us know the outcome. 

    Many thanks for your time and patience and thank you for choosing Sophos.

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • I am currently setting it up, so I am the only one trying it. I have tested with OpenVPN on my ChromeBook and I have the same issue. The OpenVPN log give an error that may give a clue but I don't really understand it.