
How to allow VPN connections out to the internet from clients on Isolated networks.

Good afternoon Smart people!

I have one that has me scratching my head. I'm being forced to do the work-from-home thing, and I'm a stickler for security. I have 2 work laptops that are for 2 very different purposes, and having teenagers at home, I never quite trust my "open" family WiFi, which is provided by my ISP's router. (It's WPS2 protected with a password, so not completely open.) My son's gaming laptop, some consoles, Smart TVs, non-VLAN-enabled devices, etc. are on there.

So, on my Sophos UTM 9.7 I created a pair of isolated Wireless networks that I have locked down extremely well:

(Hidden SSID, subnetted to only allow 2 hosts, DHCP only dishes out 1 address, isolated traffic in Sophos, and I'm controlling their access with MAC whitelists.) I can connect each of my work laptops to their respective isolated networks fine, and everything works. Internet access is no problem. But when I try to fire up the VPN software on the devices to connect to my work networks, it doesn't work.

Now, I'm thinking it may be something to do with VPN interfaces getting a new MAC address, which isn't on the whitelist, but I'm not sure where I can actually find that part of the puzzle. Does anyone have any ideas?

  • OK, I have figured it out after all. I was on the right trail about the Cisco AnyConnect VPN interface popping up with a new MAC address. I was able to look through the logs as Dirk mentioned, and found this new MAC address. Looked it up, and it's a Cisco VPN MAC. So, added it to my whitelist, and voila! Was able to connect. I now have both laptops connected to their respective isolated networks, which are in turn connected to their respective VPN servers, and each of them using a different ISP (I do have dual ISPs at home).
