
ssl vpn to site to site vpn to lan - no connection

The set up is

remote user → ssl-vpn → xgs-116 → branch lan → site to site vpn → other brand router → main lan


The site to site vpn has been working fine for years. Branch lan users access main lan fine.

I have the new remote user to branch lan working, but I cannot reach on through to the main lan.

I do have both the branch and main lan listed under tunnel access permitted network resources.

Tunnel all is off.

I must be missing something?



  • Update to above
    I've been reading https://support.sophos.com/support/s/article/KB-000034310

    I now have the main lan router showing the ssl-vpn network range as available thru the site-to-site vpn

    Still missing something though

  • some options...

    - you have to include the ssl-vpn-ip-range into the s2s vpn ... and possibly into routing

    - the ip range must not be used at the other site (possible if there is a sophos at the other site too)

    - workaround ... you may mask (snat) traffic from ssl-vpn going to main lan


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
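
The three options in the reply above can be checked on paper before touching either device. The following is an added example, not part of the original thread and not Sophos tooling: it models each peer's local/remote tunnel subnets and reports what blocks the path from the SSL VPN range to the main LAN. All addresses and the helper names `check_path` and `tunnel` are constructed for illustration.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def covered(subnet, selectors):
    """True if subnet lies wholly inside one of the tunnel's selector networks."""
    return any(subnet.subnet_of(s) for s in selectors)

def check_path(pool, dest, branch, main, main_site_nets, snat_to=None):
    """List what blocks traffic from the SSL VPN pool to dest over the tunnel.

    branch/main: each peer's configured {'local': [...], 'remote': [...]} subnets.
    snat_to: source the branch firewall rewrites to, if SNAT is used.
    """
    src = pool if snat_to is None else snat_to
    problems = []
    if not covered(src, branch["local"]):
        problems.append(f"branch: {src} missing from local subnets")
    if not covered(dest, branch["remote"]):
        problems.append(f"branch: {dest} missing from remote subnets")
    if not covered(src, main["remote"]):
        problems.append(f"main: {src} missing from remote subnets")
    if not covered(dest, main["local"]):
        problems.append(f"main: {dest} missing from local subnets")
    for used in main_site_nets:
        if src.overlaps(used):
            problems.append(f"{src} overlaps {used} already used at main site")
    return problems

# Constructed sample addressing, not taken from the thread.
POOL = net("10.81.0.0/24")           # SSL VPN client range
BRANCH_LAN = net("192.168.10.0/24")
MAIN_LAN = net("192.168.20.0/24")
SNAT_ADDR = net("192.168.10.1/32")   # branch firewall LAN address used for SNAT

def tunnel(extra=()):
    """Both peers' selectors; extra = nets added beside the branch LAN."""
    branch_side = [BRANCH_LAN, *extra]
    return ({"local": branch_side, "remote": [MAIN_LAN]},
            {"local": [MAIN_LAN], "remote": branch_side})

if __name__ == "__main__":
    print(check_path(POOL, MAIN_LAN, *tunnel(), [MAIN_LAN]))
    print(check_path(POOL, MAIN_LAN, *tunnel([POOL]), [MAIN_LAN]))
    print(check_path(POOL, MAIN_LAN, *tunnel(), [MAIN_LAN], snat_to=SNAT_ADDR))
```

An empty list means the selectors on both peers agree for that flow; it says nothing about firewall rules or routes on either device, which still have to permit the traffic.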

  • Thanks for that.

    I ended up spending some time with a knowledgeable sounding staff member of Sophos - and they tried the snat setup, although I thought it wasn't required.

    Even with the nat in place, they got to the point where they were confident the Sophos end was working, but the traffic wasn't flowing.
    They concluded the far end (the non Sophos router) wasn't configured correctly.

    The non Sophos router is due replacement, so I think I'm going to abandon this attempt until it's a Sophos unit too, unless I have a brainwave of what's wrong.

  • ok, thanks for the info. good luck.


    Dirk
