This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN: Client to Client communication

Dear everybody,

I have currently implemented an SSL Client VPN which works perfectly fine for my routed networks (tunnel).

I am wondering how it is possible to have the VPN IP Pool ( 10.242.2.x ) routed through the tunnel as I want to have the possibility to communicate whith each connected VPN client vice versa.

Once I add the VPN IP Pool to the Local Network group my client starts not being able to connect to the astaro gateway anymore.

Any thoughts on this ?

Thanks in advance.

Lars

This thread was automatically locked due to age.

0 BAlfson over 12 years ago

Thank you, Gunawidjaja Joseph!

I was trying to do it with SNAT, but the traffic was going into the tunnel before the SNAT could see it. I scanned your post, and my eye fell on the words Full NAT - bingo! I then made my SNAT into a Full NAT and was able to ping.

That's not the first time I've used a Full NAT to solve a problem with a VPN. I'm making myself a new rule:

When working with VPNs, solve confusing "routing" problems with Full NATs. [:)]

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 gejosdotcom over 12 years ago in reply to BAlfson

You are welcome [:)]

Regards,
Gunawidjaja Joseph
PT. Ultrajaya Milk Industry & Trading Co., Tbk.
Indonesia.
Cancel
Vote Up 0 Vote Down

Cancel
0 darthruben over 12 years ago in reply to gejosdotcom

Hi Joseph,

I was trying to these but to no avail. I would appreciate if you can be more specific on this solution.

Thanks,

Ruben

Lars, Jan, the trick is create virtual VPN IP Pool for VPN Static IP.

Add virtual network different with VPN IP Pool (10.242.2.0/24) ie. 10.242.7.0/24 in Local Networks SSL.

Create virtual VPN Static IP using Full NAT (DNAT/SNAT)
Any --> Any --> Client IP Static (ie. 10.242.7.7) --> Source Trans: Internal Addr --> Dest. Trans: Name_A (User Network) --> Automatic Packet FR: Checked.
....
....
Any --> Any --> Client IP Static (ie. 10.242.7.9) --> Source Trans: Internal Addr --> Dest. Trans: Name_Z (User Network) --> Automatic Packet FR: Checked.

Client to Client Communication is ready to be connected through virtual IP static.

Kind Regards,
Gunawidjaja Joseph
PT. Ultrajaya Milk Industry & Trading Co., Tbk.
Indonesia.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

Hi, Ruben, and welcome to the User BB!

For example:
Traffic Source: Any
Traffic Service: Any
Traffic Destination: Ruben-Static {a DNS Host object you define with a fixed address}

NAT mode: Full NAT

Destination: Ruben (User Network) {this is the object created by WebAdmin when the user "Ruben" was defined}
Destination Service: {leave blank}

Source: Internal (Address) {this is the object created by WebAdmin when the interface was defined}
Source Service: {leave blank}

Did that help?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 darthruben over 12 years ago in reply to BAlfson

Hi Bob,

Thanks for the help. Let me try this and get back to you.

Cheers,

Ruben

Hi, Ruben, and welcome to the User BB!

For example:
Traffic Source: Any
Traffic Service: Any
Traffic Destination: Ruben-Static {a DNS Host object you define with a fixed address}

NAT mode: Full NAT

Destination: Ruben (User Network) {this is the object created by WebAdmin when the user "Ruben" was defined}
Destination Service: {leave blank}

Source: Internal (Address) {this is the object created by WebAdmin when the interface was defined}
Source Service: {leave blank}

Did that help?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel