Quantcast
Channel: Sophos User Bulletin Board
Viewing all articles
Browse latest Browse all 14361

ASG connection to ACC = frustration

$
0
0
I am a bit flustered and feeling like a real noob right now because I cannot get my external ASG units to communicate with my ACC (which is behind an ASG).

For the longest time I have had an ACC v2 running with internal and external ASG units connected, my setup looks like this;

ASG2 v7.5 -> ~internet (DynDNS)~ -> ASG1 v8.3 -> ACC v2
ASG3 v8.3 ->
ASGx vx ->

ASG2/3 configured to get ASG1 IP address via DynDNS
ASG1 has a DNAT rule to forward 4433 to ACC unit

I had been going along blissfully on ACC v2 not knowing about ACC v3 until a few months ago. So I upgraded my ACC to v3 but I was never able to get the external ASG units to communicate to it. Since I was not too worried about the new v3 features, I just reverted back to v2 and all was good again.

Now that UTM v9 is officially out I have been slowly replacing old external Astaro ASG hardware (ASG2, ASG3, ASGx) with new (non-Astaro/Sophos) hardware and installing UTM v9 on them. This has all been going along great.

At the same time I decided to upgrade my ASG1 to UTM v9 and as well upgrade my ACC to v3. Now I am not able to get the external ASGx units to communicate with my ACC once again.

So after many hours of beating on the dead horse and reading here in the forums, I am at a complete loss of what I am either doing wrong or not understanding what setting I am missing and as a result feeling like a complete noob.

Keep in mind that my ACC is sitting behind my ASG1 and the two of them are able to communicate, so yes ASG1 shows up in ACC.

So I am asking for some help in understanding what steps are needed to get the external ASGx units to communicate with my ACC.

I have seen in some threads about ACC-SSL and I see in ASG1 there is an ACC-SSO-Admin. So I have enabled SSL VPN on ASG1 and added the ACC-SSO-Admin user. But still no connections. I have even added an Any-Any-Any rule to all ASG units just to be sure there were no blocked ports.

I am at my wits end, please help...

Viewing all articles
Browse latest Browse all 14361

Trending Articles