In https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53527 , mrainey posed a question about doing: [home client] -> (SSL Remote Access) -> [ASG220] -> (IPsec Site-to-Site) -> [ASG120] -> [Terminal Server] He was unable to accomplish this without: adding the 'VPN Pool (SSL)' to 'Local networks' for the 'IPsec Connection' on the ASG220 creating a network definition on the 120 (SSL Pool on the 220) and adding it to 'Remote networks' for the 'Remote gateway' in the 120. This makes it appear like he needs to alllow the internal network of the 120 to access the 'VPN Pool (SSL)' on the 220. Is that an idiosyncracy of Terminal Server, or is there a flaw in my understanding?* Thanks - Bob *OK, OK, I know there are lots of flaws. [:D]

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Basic VPN question

In https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53527, mrainey posed a question about doing:

[home client] -> (SSL Remote Access) -> [ASG220] -> (IPsec Site-to-Site) -> [ASG120] -> [Terminal Server]

He was unable to accomplish this without:

adding the 'VPN Pool (SSL)' to 'Local networks' for the 'IPsec Connection' on the ASG220
creating a network definition on the 120 (SSL Pool on the 220) and adding it to 'Remote networks' for the 'Remote gateway' in the 120.

This makes it appear like he needs to alllow the internal network of the 120 to access the 'VPN Pool (SSL)' on the 220. Is that an idiosyncracy of Terminal Server, or is there a flaw in my understanding?*

Thanks - Bob
*OK, OK, I know there are lots of flaws. [:D]

This thread was automatically locked due to age.

Parents

0 BAlfson over 14 years ago

So, instead of the above, I should think of things as follows:
Site A
Remote Gateway: [Public IP of Site B]
Remote Networks: Astaro will create Gateway routes and packet filters to these at Site B
Local Networks: Astaro will allow Site B access to these and will allow these to access Site B

Site B
Remote Gateway: [Public IP Site A]
Remote Networks: Astaro will create Gateway routes and packet filters to these at Site A
Local Networks: Astaro will allow Site A access to these and will allow these to access Site A

With 'Strict Routing' enabled, no other traffic can transit the tunnel.

Thanks for your participation here, Bruce.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 14 years ago

So, instead of the above, I should think of things as follows:
Site A
Remote Gateway: [Public IP of Site B]
Remote Networks: Astaro will create Gateway routes and packet filters to these at Site B
Local Networks: Astaro will allow Site B access to these and will allow these to access Site B

Site B
Remote Gateway: [Public IP Site A]
Remote Networks: Astaro will create Gateway routes and packet filters to these at Site A
Local Networks: Astaro will allow Site A access to these and will allow these to access Site A

With 'Strict Routing' enabled, no other traffic can transit the tunnel.

Thanks for your participation here, Bruce.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data