In https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53527 , mrainey posed a question about doing: [home client] -> (SSL Remote Access) -> [ASG220] -> (IPsec Site-to-Site) -> [ASG120] -> [Terminal Server] He was unable to accomplish this without: adding the 'VPN Pool (SSL)' to 'Local networks' for the 'IPsec Connection' on the ASG220 creating a network definition on the 120 (SSL Pool on the 220) and adding it to 'Remote networks' for the 'Remote gateway' in the 120. This makes it appear like he needs to alllow the internal network of the 120 to access the 'VPN Pool (SSL)' on the 220. Is that an idiosyncracy of Terminal Server, or is there a flaw in my understanding?* Thanks - Bob *OK, OK, I know there are lots of flaws. [:D]

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Basic VPN question

In https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/53527, mrainey posed a question about doing:

[home client] -> (SSL Remote Access) -> [ASG220] -> (IPsec Site-to-Site) -> [ASG120] -> [Terminal Server]

He was unable to accomplish this without:

adding the 'VPN Pool (SSL)' to 'Local networks' for the 'IPsec Connection' on the ASG220
creating a network definition on the 120 (SSL Pool on the 220) and adding it to 'Remote networks' for the 'Remote gateway' in the 120.

This makes it appear like he needs to alllow the internal network of the 120 to access the 'VPN Pool (SSL)' on the 220. Is that an idiosyncracy of Terminal Server, or is there a flaw in my understanding?*

Thanks - Bob
*OK, OK, I know there are lots of flaws. [:D]

This thread was automatically locked due to age.

Parents

0 mrainey over 14 years ago

Thanks to all for this thorough discussion, it was very instructive. The solution I implemented is working well and I like seeing all of the SA's in the Site to Site display, it gives me visual clarity as to what is connected to what. Not to muddy the waters, but I have never had Strict Routing checked. I do have Auto Packet Filter checked. So, as far as I can tell, even without Strict Routing, you still have to provide the route back from the far site by including the SSL VPN Pool in the IPSEC/Remote Gateway configurations.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 mrainey over 14 years ago

Thanks to all for this thorough discussion, it was very instructive. The solution I implemented is working well and I like seeing all of the SA's in the Site to Site display, it gives me visual clarity as to what is connected to what. Not to muddy the waters, but I have never had Strict Routing checked. I do have Auto Packet Filter checked. So, as far as I can tell, even without Strict Routing, you still have to provide the route back from the far site by including the SSL VPN Pool in the IPSEC/Remote Gateway configurations.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data