Friday, August 16, 2019

Help me understand why this worked

I'm an IT generalist in a medium-sized business. Networking is not my strong point. I was Network+ certified some years ago, but our infrastructure is really small, so my skill has atrophied somewhat.

Recently we started allowing a number of our employees to work remotely. They quickly started opening helpdesk tickets about VPN issues trying to connect to resources in Azure.

While connected to the VPN, web browsing (80/443) would work. But any services that used a non-web port (RDP/3389, SQL/1433) would fail if they were connecting to a resource on the internet. Accessing Azure resources while directly connected in the office was working.

The VPN is hosted on our firewall/gateway in the office. It's a Sophos SG310 UTM.

Ultimately I fixed the problem by enabling NAT masquerading for the SSL VPN subnet to the WAN. It was already enabled for the directly connected subnets.

My question is: why did web traffic work even if NAT was not configured? I would have expected that all return traffic from the internet, regardless of the port, should not have had a route to the clients.
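As an added illustration of the fix described above (example code written for this page, not from the post or from Sophos), here is a small Python model of NAT masquerading with a connection-tracking table. The addresses are assumptions: 10.242.2.0/24 stands in for the SSL VPN client pool, 192.168.1.0/24 for the office LAN, 203.0.113.10 for the firewall's WAN address and 198.51.100.7 for a host in Azure. It models only the source-NAT half of the question, i.e. why an RDP or SQL session from a VPN client gets no reply until the VPN subnet is masqueraded; it does not model whatever on the UTM let 80/443 through, which the post does not identify.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses for the example (not from the post).
VPN_NET = "10.242.2.0/24"      # assumed SSL VPN client pool
LAN_NET = "192.168.1.0/24"     # assumed office LAN
WAN_IP = "203.0.113.10"        # assumed firewall WAN address
AZURE_HOST = "198.51.100.7"    # assumed Azure VM running RDP

# RFC 1918 space: a reply addressed here has no route on the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def internet_routable(addr: str) -> bool:
    """True if the internet can deliver a packet to addr (not RFC 1918)."""
    a = ipaddress.ip_address(addr)
    return not any(a in n for n in RFC1918)


class Gateway:
    """Firewall with masquerading enabled for the subnets in masq_nets only."""

    def __init__(self, masq_nets):
        self.masq_nets = [ipaddress.ip_network(n) for n in masq_nets]
        # conntrack: (wan_ip, public_port, dst, dport) -> (original src, original sport)
        self.conntrack = {}
        self.next_port = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the WAN address if the source subnet is masqueraded."""
        src = ipaddress.ip_address(pkt.src)
        if any(src in n for n in self.masq_nets):
            pub_port = self.next_port
            self.next_port += 1
            self.conntrack[(WAN_IP, pub_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            return Packet(WAN_IP, pub_port, pkt.dst, pkt.dport)
        # No masquerade rule: the packet leaves with its private source address intact.
        return pkt

    def inbound(self, reply: Packet):
        """Map a reply to the WAN address back to the client, or drop it if no state exists."""
        key = (reply.dst, reply.dport, reply.src, reply.sport)
        if key not in self.conntrack:
            return None
        orig_src, orig_sport = self.conntrack[key]
        return Packet(reply.src, reply.sport, orig_src, orig_sport)


def internet_reply(pkt: Packet):
    """The remote host answers by swapping the tuple; the answer is lost if its
    destination is a private address that the internet cannot route."""
    reply = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return reply if internet_routable(reply.dst) else None


def round_trip(gw: Gateway, pkt: Packet):
    """Send pkt through gw to the internet and return the reply as the client sees it."""
    reply = internet_reply(gw.outbound(pkt))
    return None if reply is None else gw.inbound(reply)


if __name__ == "__main__":
    rdp_from_vpn = Packet("10.242.2.5", 50000, AZURE_HOST, 3389)
    rdp_from_lan = Packet("192.168.1.20", 50000, AZURE_HOST, 3389)

    before = Gateway([LAN_NET])            # only the directly connected subnet masqueraded
    print("before, LAN client:", round_trip(before, rdp_from_lan))
    print("before, VPN client:", round_trip(before, rdp_from_vpn))   # None: reply unroutable

    after = Gateway([LAN_NET, VPN_NET])    # the fix: VPN subnet masqueraded too
    print("after,  VPN client:", round_trip(after, rdp_from_vpn))
```

Without the VPN subnet in the masquerade rule, the RDP SYN leaves the WAN interface with a 10.242.2.x source, and the Azure host's SYN-ACK is addressed to that private address, which nothing on the internet will deliver back to the firewall. With the rule in place the SYN carries the WAN address, the reply reaches the firewall, and the connection-tracking entry translates it back to the VPN client.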


