This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote SSL VPN subnet

What, exactly, is this?  I'm the user who wants to access our small company's network.  I want to access the VPN from multiple locations, and my IP addresses are issued by ExpressVPN.  So, say, I might be in a Starbucks in Miami trying to access our development environment in Seattle and the remote subnet doesn't make much sense, since when I configure an arbitrary remote VPN subnet I haven't a clue what this remote IP is.

This information seems necessary to create a firewall rule for VPN access so I'm not sure what IP host range I should use to create this.  Since I'm new to this the nomenclature in the documentation misleads me.  Any help would be appreciated.  Thanks.



This thread was automatically locked due to age.
Parents
  • Hello William,

    I think you want a Client VPN access, not a site-to-site Tunnel.

    So have a look at "Remote Access/SSL" if you want to use the Sophos-SSL VPN-Client. (which is a modified OpenVPN, btw.)

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks, Philipp.  I "am" trying to set up client VPN access.  I navigated to...

    https://support.sophos.com/support/s/article/KB-000035542?language=en_US

    ...and this outlines that one of the steps is...

         + Define local subnet and remote SSL VPN range

    ...which informs me to create two (2) IP Hosts; one for a local subnet and one for a remote ssl vpn ip range. That's what I'm confused about.  What limitation of my client VPN now exists if I create an IP Host for a range of IP addresses for the remote client.  The documentation talks about remote host, but the terminology of "host" used in this documentation isn't meaningful to me.  :-(

  • Hello William,

    you are posting in the Sophos-UTM forum.The link you are posting points to an XG-configuration?

    Do you use an Sophos SG UTM-System? Or do you have an XG-system?

    You don't want to use the Sophos-VPN client?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • I do have a new XG-125 I've been working on.  I've been on the internet for 2 months looking to do this and have hired a Sophos consultant's to help.  So far, no luck.  So I thought I'd take some time this Christmas to look into this myself.  The link I gave above was titled "Sophos XG Firewall: How to configure SSL VPN remote access", which I understand to provide me with the information necessary to set up a remote access to the SSL VPN configuration in the XG.

    Does this make any sense at all?  Reading the documentation makes me wonder about my language skills, or maybe even t the documentation's language skills.  :-)

    Thanks.

  • You don't want to use the Sophos VPN Client?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Sure.  But I think I'm trying to configure the XG to accept a connection from the Sophos VPN client (or whatever) and show the network behind the firewall so I can use multiple services (RDP, telnet, etc) to manage the servers and services behind the XG.

  • Maybe I should post in the XG forum, do you think?  I hate to be in the wrong place asking the right question.  Of course, being in the right place asking the wrong question is just as unproductive.  :-)

  • William,

    it's not that complicated: The article you linked to is written with the POV of the firewall system.

    So "local subnet" means the network behind the firewall (the one that you want to reach with your client, of course)

    And "remote SSL VPN range" means the IP addresses, that are to be assigned to the VPN-clients, this is just a pool of addresses for your VPN-users. You can invent the address for this pool, or use the defintion of that example there.

    Just make sure that this "range" is not used anywhere else in your networks.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • William,

    it's not that complicated: The article you linked to is written with the POV of the firewall system.

    So "local subnet" means the network behind the firewall (the one that you want to reach with your client, of course)

    And "remote SSL VPN range" means the IP addresses, that are to be assigned to the VPN-clients, this is just a pool of addresses for your VPN-users. You can invent the address for this pool, or use the defintion of that example there.

    Just make sure that this "range" is not used anywhere else in your networks.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data