
Cannot connect two sites

Hi all, 

I have two offices, A and B. Office A has a Sophos Firewall and Office B has a Cisco VPN router. We have already created a tunnel between Office A and Office B (Sophos to Cisco). Now the problem is that when I connect to Office A (where my Sophos FW resides) through Remote SSL, I cannot access Office B, even though I have already created an IPsec tunnel between both sites.

Accepted Solutions

The original poster has provided a diagram, which is helpful, and has provided a screenshot of the firewall rule page, which is not particularly helpful. What we need to see are the pages for setup of the site-to-site VPN. And we need to see it from Sophos and from Cisco. Part of what we would be looking for is to be sure that the subnet used for SSL VPN, 10.81.234.0, is specified as interesting traffic for the site-to-site VPN, and that it is specified on both sides.

HTH

Rick

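The check described in the accepted solution, written out as an added example that is not part of the original post: it tests whether the SSL VPN pool is listed as interesting traffic on both ends of the site-to-site tunnel and whether the two ends mirror each other. The /24 prefix lengths, the role of 192.168.100.0 as the Office A LAN, and the `local`/`remote` dictionary layout are assumptions made for illustration, not values taken from either device.

```python
import ipaddress

# Constructed values: the thread gives only network addresses, so the /24
# prefix lengths below are assumptions.
SSL_VPN_POOL = "10.81.234.0/24"      # addresses handed to remote SSL VPN clients
OFFICE_B_SERVER = "192.168.1.104"    # resource behind the Cisco router

def covered(target, cidrs):
    """True if target (host or network) lies inside any of the listed subnets."""
    t = ipaddress.ip_network(target)
    return any(t.subnet_of(ipaddress.ip_network(c)) for c in cidrs)

def audit_tunnel(side_a, side_b, pool=SSL_VPN_POOL, server=OFFICE_B_SERVER):
    """side_a = Sophos end, side_b = Cisco end (hypothetical layout); each is
    {"local": [...], "remote": [...]} as entered in its site-to-site setup."""
    findings = []
    if not covered(pool, side_a["local"]):
        findings.append("A: SSL VPN pool not in local subnets")
    if not covered(pool, side_b["remote"]):
        findings.append("B: SSL VPN pool not in remote subnets")
    if not covered(server, side_a["remote"]):
        findings.append("A: server not in remote subnets")
    if not covered(server, side_b["local"]):
        findings.append("B: server not in local subnets")
    # Both ends must describe the same traffic, mirrored.
    norm = lambda cidrs: {ipaddress.ip_network(c) for c in cidrs}
    if (norm(side_a["local"]) != norm(side_b["remote"])
            or norm(side_a["remote"]) != norm(side_b["local"])):
        findings.append("A/B: selectors are not mirror images")
    return findings

# Constructed "before": the tunnel carries only the two office LANs.
before_a = {"local": ["192.168.100.0/24"], "remote": ["192.168.1.0/24"]}
before_b = {"local": ["192.168.1.0/24"], "remote": ["192.168.100.0/24"]}
# Constructed "after": the SSL VPN pool is added on both ends.
after_a = {"local": ["192.168.100.0/24", SSL_VPN_POOL], "remote": ["192.168.1.0/24"]}
after_b = {"local": ["192.168.1.0/24"], "remote": ["192.168.100.0/24", SSL_VPN_POOL]}

if __name__ == "__main__":
    for name, a, b in (("before", before_a, before_b), ("after", after_a, after_b)):
        print(name, audit_tunnel(a, b) or "ok")
```

Adding the pool on only one end still fails the audit, which matches the point that it must be specified on both sides.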

6 Replies

Richard Burts
Hall of Fame

You have not provided much detail for us to work with and that makes it difficult to determine what is the problem. You mention a remote SSL connection to OfficeA then attempting to access resources at OfficeB. Based on the little information we have I would guess that the issue is that the IP addresses assigned for the remote SSL connection are not included in the configuration for the tunnel between the offices.

HTH

Rick

Looking at the diagram and IP subnets:

- Since you confirmed that the site-to-site VPN is working as expected,

- the only issue is with remote clients using Remote VPN (Sophos): they are not able to access the resource at the other end behind the RV Cisco SMB router.

I would suspect you have not allowed this subnet, or you need to create a rule on both sides to allow this subnet to access the resource, like 192.168.100.0 (the same ACL rule for the 10.81.234.0 subnet to access server 192.168.1.104).

- It requires both ends to allow the new subnet to get access to 192.168.1.104.

- The other option is to allow the remote user to use a local jump box (which has a 192.168.100.X range IP) to access the far-end resource (server 192.168.1.104).

BB



@Richard Burts wrote:

You have not provided much detail for us to work with and that makes it difficult to determine what is the problem. You mention a remote SSL connection to OfficeA then attempting to access resources at OfficeB. Based on the little information we have I would guess that the issue is that the IP addresses assigned for the remote SSL connection are not included in the configuration for the tunnel between the offices.


Sorry for that, please check attached image and suggest anything you might think is wrong.

Hello,

What client are you using? I suggest trying the Sophos SSL VPN client. Make sure that the remote SSL VPN access rule on the Sophos firewall allows ingress and egress traffic. I agree with Richard that we need more information, but for now, have a look at the attached guide. Also, make sure that the Cisco router allows the remote client IP address range. Can you post the config of the Cisco?

https://support.sophos.com/support/s/article/KB-000035542?language=en_US
