
UTM VPN server behind ISP router working partially?

Hi,

I have an SG105 behind an ISP cable modem (router). In this router I forwarded port 443 to the SG box.
Now I can connect from outside via SSL VPN to this SG105 successfully; that is, my outside VPN client says the connection is established. But I cannot access any PCs in the network.

What have I missed?

Thanks for any hints,
Alex



  • Hi Alex,

    Usually I leave the OpenVPN server on UDP/1194, but TCP/443 should be fine.
    For your issue, under Remote Access --> SSL --> edit Profile, please verify that the Local Networks setting is set to ANY. This will avoid split tunneling though, so be aware of this.

    Also, please have a check on this document (SSL VPN best practices and setup instructions from Sophos):
    https://www.sophos.com/en-us/medialibrary/PDFs/documentation/utm90_Remote_Access_Via_SSL_geng.pdf

    Regards,

    M.

  • Hi,

    Thank you for your answer, it brought me one step further, but it is still not working completely.

    I made the settings you mentioned above:

    ... please verify that the Local Networks setting is set to ANY...

    Now I can still connect from remote, I can ping the SG105 UTM box from remote, I can ping the desired PC from remote, but I cannot establish a Remote Desktop connection, nor can I access the webadmin interface on the UTM box from remote.

    I think there must be a rule blocking that traffic. Do you have a further suggestion?

    BTW: this UTM box is also a client that connects via site-to-site VPN (also SSL) to another UTM box. This connection is working properly, but it uses the "VPN Pool (SSL)" network (created by default by Sophos). And I use this default "VPN Pool (SSL)" network for the desired road warrior connection as well. Could this be a problem?


  • Do you use "automatic firewall rules" in your definition of the SSL VPN, or do you set the packet filter rules manually?

    I don't prefer using "any" in the local network definition for SSL VPN, because ALL traffic is then sent from the client through the VPN...

    Split tunneling is the better option, so only the needed traffic travels through the tunnel...

    But that's a point on how you work with your connection.

    Greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...
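The three checks the replies above circle around (a route to the LAN pushed to the client via Local Networks, a packet filter rule from the VPN pool to the LAN, and no address overlap between the VPN pool, the office LAN, the site-to-site remote LAN and the user's home LAN) as an added example. This is not code from the thread or from Sophos; the network names, the 10.242.2.0/24 pool, the 192.168.x.0/24 LANs, the client and PC addresses and the rule table are constructed, and the first-match rule evaluator is a deliberately simplified model of a packet filter, not the UTM's real semantics.

```python
"""Sanity checks for a road-warrior SSL VPN that connects but cannot reach LAN
hosts. Added example, not Sophos code; all addresses and rules are constructed."""
import ipaddress
from typing import Dict, Iterable, List, Optional, Set, Tuple

IPNet = ipaddress.IPv4Network


def net(cidr: str) -> IPNet:
    return ipaddress.IPv4Network(cidr, strict=False)


def overlapping(named: Dict[str, IPNet]) -> List[Tuple[str, str]]:
    """Pairs of named networks that overlap, e.g. VPN pool vs LAN, or the
    office LAN vs the remote user's home LAN (a classic cause of 'ping fails')."""
    items = list(named.items())
    hits = []
    for i, (name_a, a) in enumerate(items):
        for name_b, b in items[i + 1:]:
            if a.overlaps(b):
                hits.append((name_a, name_b))
    return hits


def routed_via_tunnel(target: str, pushed_routes: Iterable[IPNet]) -> bool:
    """Does a route pushed to the client (the 'Local Networks' list, or
    0.0.0.0/0 when that list is set to Any) cover the target host?"""
    t = ipaddress.IPv4Address(target)
    return any(t in r for r in pushed_routes)


# Rule: (source network, destination network, allowed TCP ports or None = all, action)
Rule = Tuple[IPNet, IPNet, Optional[Set[int]], str]


def firewall_allows(rules: List[Rule], src: str, dst: str, port: int) -> bool:
    """First-match evaluation with an implicit default drop. Assumption: a
    simplified model of a packet filter, not the UTM's exact rule semantics."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for src_net, dst_net, ports, action in rules:
        if s in src_net and d in dst_net and (ports is None or port in ports):
            return action == "allow"
    return False


def diagnose(client_ip: str, target_ip: str, port: int, pushed_routes: List[IPNet],
             named_nets: Dict[str, IPNet], rules: List[Rule]) -> List[str]:
    """Collect every reason the client might not reach target_ip:port."""
    findings = []
    if not routed_via_tunnel(target_ip, pushed_routes):
        findings.append(f"no route to {target_ip}: add its network to Local Networks")
    for a, b in overlapping(named_nets):
        findings.append(f"address overlap between '{a}' and '{b}'")
    if not firewall_allows(rules, client_ip, target_ip, port):
        findings.append(f"tcp/{port} from {client_ip} to {target_ip} not allowed by any rule")
    return findings


# Constructed scenario: VPN pool, office LAN and the LAN behind the site-to-site tunnel
VPN_POOL = net("10.242.2.0/24")
OFFICE_LAN = net("192.168.1.0/24")
REMOTE_SITE_LAN = net("192.168.2.0/24")
CLIENT_IP = "10.242.2.6"      # address the road warrior got from the pool
PC_IP = "192.168.1.50"        # the Remote Desktop target
RDP = 3389

GOOD_RULES: List[Rule] = [(VPN_POOL, OFFICE_LAN, {RDP, 445}, "allow")]
NETS_OK = {"VPN Pool (SSL)": VPN_POOL, "Internal": OFFICE_LAN, "Remote site": REMOTE_SITE_LAN}


def scenario_ok() -> List[str]:
    return diagnose(CLIENT_IP, PC_IP, RDP, [OFFICE_LAN], NETS_OK, GOOD_RULES)


def scenario_no_route() -> List[str]:
    # Local Networks left empty: the tunnel is up but nothing is routed into it
    return diagnose(CLIENT_IP, PC_IP, RDP, [], NETS_OK, GOOD_RULES)


def scenario_no_rule() -> List[str]:
    # Local Networks = Any pushes 0.0.0.0/0, but no packet filter rule exists
    return diagnose(CLIENT_IP, PC_IP, RDP, [net("0.0.0.0/0")], NETS_OK, [])


def scenario_home_lan_clash() -> List[str]:
    # The user's home LAN uses the same 192.168.1.0/24 as the office
    nets = dict(NETS_OK, **{"Client home LAN": net("192.168.1.0/24")})
    return diagnose(CLIENT_IP, PC_IP, RDP, [OFFICE_LAN], nets, GOOD_RULES)


if __name__ == "__main__":
    for name, fn in [("ok", scenario_ok), ("no route", scenario_no_route),
                     ("no rule", scenario_no_rule), ("home LAN clash", scenario_home_lan_clash)]:
        print(f"{name}: {fn() or 'reachable'}")
```

Two caveats the script cannot see: the webadmin interface on a UTM is not governed by packet filter rules but by the Allowed Networks list under Management > WebAdmin Settings, which must contain the VPN pool for access from a road-warrior client to work; and the target PC's own host firewall may accept Remote Desktop only from its local subnet, which would explain ping succeeding while RDP from a pool address fails.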