SETUP SSL SITE-TO-SITE VPN ON SOPHOS UTM

This article walks step by step through setting up an SSL site-to-site VPN between two Sophos UTM devices: one UTM acts as the SSL “server”, the other as the “client” that connects to it.


STEP 1: CONFIGURING THE “SERVER” SSL SITE-TO-SITE VPN

  • Log in to the server’s WebAdmin
  • Go to “Site-to-site VPN –> SSL –> Settings tab” and set the following:
    • Port: can be changed (default 443)
    • Override hostname: the fully qualified domain name or public IP address that the client UTM will connect to; it must be reachable from the client side

  • Go to the “Connections tab –> Click New SSL Connection”

  • Configure the connection as follows:
    • Connection type: choose “Server”
    • Connection name: a descriptive name for the connection
    • Use static virtual IP address: optional; leave it unchecked unless the client needs a fixed address from the tunnel’s virtual IP pool instead of a dynamically assigned one
    • Local Networks: drag in the local networks and hosts behind this UTM that the remote side may reach through the tunnel
    • Remote Networks: drag in the networks and hosts behind the remote (client) UTM that this side may reach through the tunnel. Only traffic between the Local and Remote Networks is routed through the tunnel, so a host missing from either list will not be reachable even when the tunnel is up
    • Check “Automatic firewall rules” if you want the firewall rules allowing traffic between the local and remote networks created automatically; otherwise create them yourself under Network Protection –> Firewall
  • Click “Save”
  • Click the “Download” button to download the configuration file for the client system (extension *.apc). You can protect the file with a password when downloading it. The file carries the credentials the client uses to authenticate the tunnel, so treat it as a secret and transfer it to the client over a trusted channel

  • On the Site-to-Site VPN dashboard the new connection is listed and waits for the client to connect

STEP 2: CONFIGURING THE “CLIENT” SSL SITE-TO-SITE VPN

  • Log in to the client’s WebAdmin
  • Go to “Site-to-site VPN –> SSL –> Connections tab –> Click New SSL Connection”
  • Configure the connection as follows:
    • Connection type: choose “Client”
    • Connection name: a descriptive name for the connection
    • Configuration file: click the folder icon and upload the *.apc file you downloaded from the “server”
    • Password: if the configuration file was encrypted when it was downloaded, enter the password here so it can be decrypted
    • Check “Automatic firewall rules” if you want the firewall rules created automatically
  • Click “Save”
  • On the client’s Site-to-Site VPN dashboard the connection now shows as connected
  • On the server’s Site-to-Site VPN dashboard the connection also shows as connected

Done, thanks for reading!
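Two checks worth running around this procedure, as an added example that is not part of the original article and not Sophos code: before Step 1, confirm that the address you put in “Override hostname” is publicly routable and that the SSL VPN port answers from the client side; after Step 2, when the dashboards say connected but nothing pings, check whether the source and destination hosts actually fall inside the Local Networks and Remote Networks you dragged into the server connection, because traffic outside those lists is never routed through the tunnel. Every address, network and hostname in the script is a constructed sample value; the live probes assume OpenBSD netcat (nc) and Linux iputils ping are installed.

```shell
#!/bin/sh
# Added example, not part of the article or of Sophos UTM: reachability and
# coverage checks around an SSL site-to-site tunnel. All addresses, networks
# and hostnames below are constructed sample values.

ip2int() (
  # Print dotted-quad IPv4 $1 as a 32-bit integer; exit 1 on malformed input
  # (wrong octet count, non-digits, leading zeros, octet above 255).
  # Runs in a subshell so IFS and the positional parameters stay local.
  set -f; IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*|0?*) exit 1;; esac
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

in_cidr() {
  # Succeed when IPv4 $1 lies inside CIDR $2; status 2 on malformed input.
  ipn=$(ip2int "$1") || return 2
  netn=$(ip2int "${2%/*}") || return 2
  bits=${2#*/}
  case $bits in ''|*[!0-9]*) return 2;; esac
  [ "$bits" -le 32 ] || return 2
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ipn & mask )) -eq $(( netn & mask )) ]
}

is_private_ipv4() {
  # Succeed when $1 is not publicly routable (RFC 1918, loopback, link-local,
  # 0.0.0.0/8). The client UTM cannot reach such an address as Override hostname.
  ip2int "$1" >/dev/null || return 2
  for r in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16 0.0.0.0/8; do
    in_cidr "$1" "$r" && return 0
  done
  return 1
}

pair_in_tunnel() {
  # pair_in_tunnel SRC DST "LOCAL_NETS" "REMOTE_NETS": succeed when SRC is in
  # one of the Local Networks and DST in one of the Remote Networks dragged into
  # the server connection. Traffic outside both lists is never routed through
  # the tunnel, however "connected" the dashboard looks.
  src_ok=1; dst_ok=1
  for n in $3; do in_cidr "$1" "$n" && src_ok=0; done
  for n in $4; do in_cidr "$2" "$n" && dst_ok=0; done
  [ "$src_ok" -eq 0 ] && [ "$dst_ok" -eq 0 ]
}

probe_tcp() {
  # probe_tcp HOST PORT: does the server's SSL VPN port answer? Run from the
  # client side before uploading the .apc. Assumes OpenBSD netcat is installed.
  nc -z -w 5 "$1" "$2" >/dev/null 2>&1
}

check_tunnel() {
  # check_tunnel SRC DST "LOCAL_NETS" "REMOTE_NETS": explain a failed ping.
  # Assumes Linux iputils ping (-W is the per-reply timeout in seconds).
  if ! pair_in_tunnel "$1" "$2" "$3" "$4"; then
    echo "NOT COVERED: $1 -> $2 is outside the Local/Remote Networks on the connection"
  elif ping -c 3 -W 2 "$2" >/dev/null 2>&1; then
    echo "OK: $2 answers through the tunnel"
  else
    echo "COVERED BUT NO REPLY: $2; check the host's firewall/ICMP and the automatic firewall rules on both UTMs"
  fi
}

# Offline demo with constructed values (no network needed).
for candidate in 203.0.113.10 192.168.1.1; do
  if is_private_ipv4 "$candidate"; then
    echo "WARN: $candidate is not publicly routable; unusable as Override hostname"
  else
    echo "OK: $candidate is publicly routable"
  fi
done
LOCAL_NETS="192.168.10.0/24 192.168.20.0/24"   # sample networks behind the server UTM
REMOTE_NETS="10.20.0.0/16"                      # sample network behind the client UTM
for pair in "192.168.10.42 10.20.0.7" "192.168.30.5 10.20.0.7"; do
  set -- $pair
  if pair_in_tunnel "$1" "$2" "$LOCAL_NETS" "$REMOTE_NETS"; then
    echo "covered: $1 -> $2"
  else
    echo "not covered: $1 -> $2 (add the missing network to the connection)"
  fi
done
```

Run the offline part as-is to see how the coverage logic classifies the sample pairs; on a real deployment, call probe_tcp with your server’s Override hostname and port from a host on the client side, and check_tunnel with a source host behind one UTM, a destination behind the other, and the exact networks you dragged into the connection.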

3 Comments

  1. Great article, got my site-to-site SSL VPN tunnel connected, but I have no communication between sites, can’t reach or ping any of the devices on either end. Any insight or help would be appreciated.

    • Hi Vitor, you need to check:
      – does ping between the local interfaces of each UTM work or not?
      – Make sure the server and PC don’t block ping.
