
SSL VPN - Cannot access most of the remote devices

Hello,

I just installed a SG115 at a customer site.

External (Internet) access and redirections (DNAT) are working fine.

 

I also configured an SSL VPN (as usual, as described in https://community.sophos.com/kb/en-us/116038).

The VPN connection is established without any problem, I receive an address in the VPN range (10.242.2.0/24).

But... most of the devices in the remote network (192.168.75.0/24) cannot be reached (ping, http, https...)

There are (in the remote network) some very basic devices, managed via a basic (without specific security) HTTP interface, but they cannot be reached.

But some others can: I can connect to 192.168.75.207 but I cannot connect to 192.168.75.3 (both have a basic HTTP interface).

Another Sophos UTM (192.168.75.2) can be reached via https on port 4444.

Same problem with ping: 192.168.75.207 can be pinged, but 192.168.75.3 cannot.

Same issue with network discovery: about 1 device out of 4 can be discovered, the others cannot.

 

Do you have any idea about the problem?

Thanks in advance for your help.



  • Salut,

    What do you learn if you do #1 in Rulz?  You might want to review #2 first.  Also, check the Web Filtering log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I think internal (Windows) firewalls or Endpoint Firewalls are blocking connections from 10.242.2.0-net? Try with the internal firewalls disabled (or configure a rule for access from 10.242.2.0-net).

    You can also configure a SNAT on the UTM (SSL-Pool -> Any -> Internal Network -> change Source to internal (address)); this will avoid any internal firewall trouble...

     

    regards

  • It is the solution!!!

    I added the SNAT, and I can now reach every device in the network.

     

    Thanks a lot !

  • When a SNAT solves a problem like this, it's always an indication of a misconfiguration somewhere else.  Check #3 in Rulz and, as Steve suggests, check your Windows firewalls.

    Cheers - Bob

     
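
Added example, not part of the original thread or of any Sophos tooling: a small Python model of why a SNAT to the UTM's internal address makes unreachable devices answer, and which device-side misconfiguration it is hiding in each case. The UTM address 192.168.75.1, the client address 10.242.2.6 and every device setting in `HOSTS` are assumptions constructed for illustration; the thread states none of them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

LAN = ipaddress.ip_network("192.168.75.0/24")      # remote network (from the thread)
VPN_CLIENT = ipaddress.ip_address("10.242.2.6")    # constructed address in the SSL VPN pool
UTM_LAN_IP = ipaddress.ip_address("192.168.75.1")  # assumed internal address of the SG115

@dataclass
class Host:
    ip: str
    gateway: Optional[str]                 # default gateway set on the device, if any
    allowed_sources: Tuple[str, ...] = ()  # host-firewall source scope; () = no host firewall

def reachable(host, src):
    """Return (ok, reason): does a request from src get an answer back via the UTM?"""
    if host.allowed_sources and not any(
            src in ipaddress.ip_network(n) for n in host.allowed_sources):
        return False, "host firewall drops the source"
    if src in LAN:
        return True, "reply is on-link"
    if host.gateway is None:
        return False, "no default gateway for the reply"
    if ipaddress.ip_address(host.gateway) != UTM_LAN_IP:
        # Assumption: the other gateway has no route back to the VPN pool.
        return False, "reply leaves via another gateway"
    return True, "reply routed via the UTM"

def diagnose(host):
    direct, why = reachable(host, VPN_CLIENT)
    snat, _ = reachable(host, UTM_LAN_IP)  # SNAT rewrites the source to the UTM's LAN address
    if direct:
        return "ok"
    return f"masked by SNAT: {why}" if snat else f"blocked either way: {why}"

# Constructed device settings; the thread does not state any of them.
HOSTS = [
    Host("192.168.75.207", "192.168.75.1"),
    Host("192.168.75.3", None),
    Host("192.168.75.50", "192.168.75.1", ("192.168.75.0/24",)),
    Host("192.168.75.60", "192.168.75.2"),
]

if __name__ == "__main__":
    for h in HOSTS:
        print(f"{h.ip:<16} {diagnose(h)}")
```

With the SNAT in place every device sees the UTM's internal address as the source, so source-based rules and logs on the devices can no longer tell individual VPN clients apart.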