Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Home LAN network and Corporate LAN Network Conflicting Sophos Connect Client

Issue Description:

User is connected to corporate LAN network through sophos connect client VPN. User home network range is “172.16.16.16/24” and corporate LAN network is also using the same range “172.16.16.16/24“. So if user connected through sophos connect client VPN is pinging any corporate LAN IP address, request will not pass through sophos connect client VPN tunnel instead request will search for destination host in the same home network.

Resolution:

Now the process is we will add fake network in sophos connect client, when client is trying to reach fake network it will hit the firewall and firewall will do NAT and translate to internal network as we will create DNAT rule.

The resolution is we need to add fake network (let it be 10.11.12.2.0/24)in the sophos connect client as shown below along with internal network

Now we need to create DNAT rule in such as way, whenever problematic user is accessing fake network range(10.11.12.2-10.11.12.100) it should map to internal network range (172.16.16.2-172.16.16.100) as shown in below image

fake network
NAT rule

In DNAT rule we cannot create networks instead we can create only range.

By creating this rule, whichever user is trying to access fake range (let it be 10.11.12.2-10.11.12.100) it will be directed to (172.16.16.2-172.16.16.100)

So in this case, we will import the created sophos connect client to user who is facing that issue, so if he want to access “172.16.16.2” he should reach to “10.11.12.2

Now we will create firewall rule to allow the traffic when they are accessing fake range(10.11.12.2-10.11.12.100). In firewall rule, source zone should be VPN zone, source network should be sophos connect client range, destination zone should be LAN zone, destination network should be fake range and service should be any.

Firewall rule

Note: Keep both firewall rule and NAT rule on top.

Now the process is since we have added fake network in sophos connect client, when client is trying to reach fake network it will hit the firewall and firewall will do NAT and translate to internal network as we created DNAT rule.

Hope this article helps you.