This discussion has been locked.

Configuration problem remote access to two networks

Hello

I run a UTM 9 and everything works quite well. But I have a question about a remote access configuration to two different networks over the same remote access connection.

Right now, I have a remote connection to the internal network (A) let’s say 192.168.23.0/24. This is accessible via the Sophos VPN Client and I can connect to the terminal server.

I also have an IPSEC connection to an external network (B), let’s say 10.10.100.0/24. The PCs and servers in B are members of the domain network of A and I can ping and RDP them from A.

My goal is to be able to have a remote connection to B as well and to RDP to a server in A and in B.

Sorry, German speaker :)

Can somebody help?



  • The easiest solution is to make sure that network B is also inside the Remote client VPN networks so the VPN client knows to send the traffic to the UTM.

    Also in the IPSEC tunnel between A and B the IP-network from the Remote VPN clients should be listed so site B knows to send traffic for your remote ssl clients to site A over the IPSEC connection.

    If that is not possible, then you can only create an SNAT rule in site A firewall. You must still make sure that site B's network is inside the remote VPN profile and you can create a SNAT rule:

    Traffic from: Remote VPN Network Pool
    Going to: Site B subnet
    Change Source to: Internal (Address)

    Also make sure to tick 'Rule applies to IPsec packets' under advanced with the NAT rule.

    That way the firewall will change the source address from your remote VPN-users to be not 10.242.x.y but 192.168.23.x and that will travel to the firewall.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi

    I inserted the VPN Pool (SSL) into the local networks of the ipsec connection. Then I opened a second phase 2 on the other side (opnsense). The tunnel came up and all shows green on Sophos.

    Then I opened the Sophos VPN client and tried to connect directly to a server on net B. No success. But I still can connect to a server on net A.

  • Did you also include subnet for site B in "Local networks" for the SSL VPN profile?

    Edit: And you should of course also create a firewall rule to allow the traffic from VPN Pool to Site B network.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
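The checks named in the replies above (site B in the SSL VPN profile's local networks, a firewall rule from the VPN pool to site B, and either the pool in both IPsec phase 2 definitions or an SNAT rule that applies to IPsec packets) can be walked through as a simplified model. This is an added example, not part of the thread and not the UTM's own packet logic; the pool `10.242.2.0/24`, the UTM address `192.168.23.1`, the client and server addresses, and all dictionary keys are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

SITE_A = ip_network("192.168.23.0/24")     # internal network A (from the thread)
SITE_B = ip_network("10.10.100.0/24")      # remote network B (from the thread)
VPN_POOL = ip_network("10.242.2.0/24")     # assumed; the thread only says 10.242.x.y
UTM_INTERNAL = ip_address("192.168.23.1")  # assumed "Internal (Address)" of the UTM

def check_path(client, server, cfg):
    """List what blocks client -> server (site B) and its reply, in a simplified model."""
    client, server = ip_address(client), ip_address(server)
    problems = []
    if not any(server in n for n in cfg["sslvpn_local_networks"]):
        problems.append("SSL VPN profile: site B missing from Local networks")
    if not any(client in s and server in d for s, d in cfg["firewall_allow"]):
        problems.append("firewall: no rule VPN pool -> site B")
    src = client
    for rule in cfg.get("snat", []):
        if client in rule["from"] and server in rule["to"]:
            if rule["applies_to_ipsec"]:
                src = rule["new_source"]   # site B now sees a site A address
            else:
                problems.append("SNAT: 'Rule applies to IPsec packets' not ticked")
    if not any(src in n for n in cfg["ipsec_local_networks_a"]):
        problems.append(f"IPsec on A: source {src} not in local networks")
    if not any(src in n for n in cfg["ipsec_remote_networks_b"]):
        problems.append(f"IPsec on B: no phase 2 towards {src}, reply not tunnelled")
    return problems

# Constructed configurations, not taken from any real device.
pool_in_tunnel_only = {   # pool added to both tunnel ends, profile and firewall unchanged
    "sslvpn_local_networks": [SITE_A],
    "firewall_allow": [(VPN_POOL, SITE_A)],
    "ipsec_local_networks_a": [SITE_A, VPN_POOL],
    "ipsec_remote_networks_b": [SITE_A, VPN_POOL],
}
routed = dict(pool_in_tunnel_only, sslvpn_local_networks=[SITE_A, SITE_B],
              firewall_allow=[(VPN_POOL, SITE_A), (VPN_POOL, SITE_B)])
snat_only = dict(routed, ipsec_local_networks_a=[SITE_A], ipsec_remote_networks_b=[SITE_A],
                 snat=[{"from": VPN_POOL, "to": SITE_B, "new_source": UTM_INTERNAL,
                        "applies_to_ipsec": True}])

if __name__ == "__main__":
    for name, cfg in [("pool in tunnel only", pool_in_tunnel_only),
                      ("routed", routed), ("SNAT", snat_only)]:
        print(name, check_path("10.242.2.6", "10.10.100.20", cfg) or "OK")
```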
