Overview
This article describes how to configure SSL VPN remote users to have access over a site-to-site IPsec VPN.
The following sections are covered:
⦁ Scenario
⦁ Pre-requisites
⦁ What to do
⦁ Related information
Applies to the following Sophos products and versions
Sophos Firewall
Scenario
Allow SSL VPN remote users to access a remote site via a site-to-site IPsec VPN tunnel.
Pre-requisites
This article requires that an SSL VPN remote access and an IPsec VPN tunnel between two sites are already configured and established. Please see the following articles to configure these requirements.
What to do
In order to provide access for SSL VPN remote users to a remote site via a site-to-site IPsec VPN tunnel, it is necessary to configure the networks that will be accessed in both the SSL VPN Remote Access and the site-to-site IPsec VPN tunnel connections. In the example scenario, the following networks should be included in the configuration.
Site 1 Networks
⦁ Site-to-Site IPsec VPN Tunnel
    Local Subnet: Site 1 LAN (192.10.10.0/24), VPN Pool (10.81.234.0/24)
    Remote Subnet: Site 2 LAN (192.20.20.0/24)
⦁ SSL VPN Remote Access
    Permitted Network Resources: Site 1 LAN (192.10.10.0/24), Site 2 LAN (192.20.20.0/24)
Site 2 Networks
⦁ Site-to-Site IPsec VPN Tunnel
    Local Subnet: Site 2 LAN (192.20.20.0/24)
    Remote Subnet: Site 1 LAN (192.10.10.0/24), VPN Pool (10.81.234.0/24)
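The following Python sketch is an added example, not part of the original article or of any Sophos tooling. It checks a plan of the networks listed above for consistency before they are entered on the firewalls: the two tunnel ends must mirror each other, and the VPN pool must appear on both. The dictionary layout and function names are hypothetical, and the check assumes every Site 2 local subnet is one that SSL VPN users should reach.

```python
import ipaddress as ip

def nets(*cidrs):
    return [ip.ip_network(c) for c in cidrs]

def covered(net, candidates):
    """True if net falls inside any network in candidates."""
    return any(net.subnet_of(c) for c in candidates)

def check_plan(plan):
    """Return a list of problems found in the plan (empty list = consistent)."""
    s1, s2 = plan["site1_ipsec"], plan["site2_ipsec"]
    pool, permitted = plan["vpn_pool"], plan["ssl_vpn_permitted"]
    problems = []
    # Each end's local subnets must be the other end's remote subnets.
    if set(s1["local"]) != set(s2["remote"]):
        problems.append("Site 1 local subnets != Site 2 remote subnets")
    if set(s1["remote"]) != set(s2["local"]):
        problems.append("Site 1 remote subnets != Site 2 local subnets")
    # The SSL VPN pool must be a local subnet on Site 1 and a remote
    # subnet on Site 2, otherwise the tunnel does not carry its traffic.
    if not covered(pool, s1["local"]):
        problems.append(f"VPN pool {pool} missing from Site 1 local subnets")
    if not covered(pool, s2["remote"]):
        problems.append(f"VPN pool {pool} missing from Site 2 remote subnets")
    # Assumption: every Site 2 local subnet should be reachable by SSL VPN
    # users, so it must be listed in the permitted network resources.
    for net in s2["local"]:
        if not covered(net, permitted):
            problems.append(f"{net} not in SSL VPN permitted network resources")
    return problems

def example_plan():
    # Values constructed from the article's example scenario.
    site1_lan, site2_lan, pool = nets(
        "192.10.10.0/24", "192.20.20.0/24", "10.81.234.0/24")
    return {
        "vpn_pool": pool,
        "ssl_vpn_permitted": [site1_lan, site2_lan],
        "site1_ipsec": {"local": [site1_lan, pool], "remote": [site2_lan]},
        "site2_ipsec": {"local": [site2_lan], "remote": [site1_lan, pool]},
    }

if __name__ == "__main__":
    for line in check_plan(example_plan()) or ["plan is consistent"]:
        print(line)
```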
Firewall rules
For ease of configuration, the LAN-VPN and VPN-LAN rules can be combined into one firewall rule, configured on both Site 1 and Site 2.
Note: This combined firewall rule will allow traffic to flow from LAN to VPN, VPN to LAN and VPN to VPN zones. However, these can also be configured as separate rules.
Result
Once the required networks and firewall rules are configured, SSL VPN Remote Access users should be able to access Site 2's network.
This can be verified with a traceroute from the SSL VPN Remote Access user to a host on Site 2.