
How to pass the assigned VPN IP Address to Servers in the target network?

Hello,

I have a problem I cannot solve on my own:

I need IPsec VPN access to our network (192.168.0.0/24) behind our Sophos UTM (192.168.0.10). On our network I need to access a certain server (192.168.0.90) with a fixed IP address originating in this network (e.g. 192.168.0.111). This is due to the protocols used (DICOM) and a fixed configuration of the server and cannot be changed.

I defined a VPN Pool inside this network 192.168.0.111/32; the VPN Tunnel works and the connecting client says it got the IP Address as assigned, so far so good.

When accessing the server (192.168.0.90) as planned, the server gets the request from the IP address of the UTM (192.168.0.10) and not from 192.168.0.111 as it should be. Without getting the request from 192.168.0.111 the server cannot answer the request, and it has to see the assigned address (192.168.0.111) and not the one from the UTM (192.168.0.10).

How can I change the behaviour of the firewall not to interpose itself in the communication?

Thanks a lot in advance for pointing me in the right direction!



This thread was automatically locked due to age.
  • Hallo and welcome to the UTM Community!

    In the future, it's easier to get answers if you provide a diagram, even just a picture of a hand-drawn one.  Is this a site-to-site connection or are you using an IPsec remote access client?

    My guess is that you want to configure 192.168.0.111 as an Additional Address named Dicom on the Internal interface and then create a NAT rule with automatic firewall rules like:

         SNAT : Any -> Any -> {192.168.0.90} : from Internal [Dicom] (Address)

    Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
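
A toy Python model of the SNAT rule suggested above, added here as an illustration; it is not part of the original posts and not Sophos UTM code. It shows how a gateway rewrites the source to 192.168.0.111 and restores the real client on the reply. The client addresses 10.242.4.x and destination port 104 are constructed sample values.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address

SERVER = ip_address("192.168.0.90")       # DICOM server from the thread
DICOM_ADDR = ip_address("192.168.0.111")  # Additional Address "Dicom" on Internal

@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int

class SnatGateway:
    """Toy model of: SNAT : Any -> Any -> {SERVER} : from DICOM_ADDR."""

    def __init__(self):
        self.by_orig = {}  # (client ip, client port, server port) -> translated port
        self.by_nat = {}   # (translated port, server port) -> (client ip, client port)

    def forward(self, pkt):
        """Client-to-server direction: rewrite the source when the rule matches."""
        if pkt.dst != SERVER:
            return pkt  # rule does not match, packet passes unchanged
        key = (pkt.src, pkt.sport, pkt.dport)
        if key not in self.by_orig:
            port = pkt.sport
            # All clients share one source address, so a port already in use
            # towards the same server port must be remapped.
            while (port, pkt.dport) in self.by_nat:
                port = port + 1 if port < 65535 else 1024
            self.by_orig[key] = port
            self.by_nat[(port, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=DICOM_ADDR, sport=self.by_orig[key])

    def reply(self, pkt):
        """Server-to-client direction: undo the translation, or None if no state."""
        state = self.by_nat.get((pkt.dport, pkt.sport))
        if pkt.src != SERVER or pkt.dst != DICOM_ADDR or state is None:
            return None
        return replace(pkt, dst=state[0], dport=state[1])

if __name__ == "__main__":
    gw = SnatGateway()
    # Constructed sample: two VPN clients using the same source port.
    for client in ("10.242.4.1", "10.242.4.2"):
        seen = gw.forward(Packet(ip_address(client), 50000, SERVER, 104))
        print(f"{client}:50000 -> server sees {seen.src}:{seen.sport}")
```

Because every matching connection reaches the server from 192.168.0.111, the server's own logs no longer distinguish VPN clients; in this model that mapping exists only in the gateway's state.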