Connecting to SFTP from VPN
I currently access an external clients SFTP site from our network, and they have set it so only computers on the network can connect.
Going forward we are looking to have some people working from home, so will likely be utilising the NetExtender app. We currently have it set up and users are able to access a NAS drive within our network, however when it comes to trying to connect to the SFTP, it just isn't able to connect.
My question is, how can I set up the VPN connection in such a way that would allow workers from home to connect to this SFTP when connecting through the VPN?
If there are other suggestions of ways to connect please do suggest. I am just currently working with what I understand.
Thanks
Answers
@Reventus , please check the following KB article if that describes your current setup. In this scenario the FTP Server is on the internet, it is in Active Mode and the FTP Client is behind the firewall. This requires the configuration of the FTP Transformation.
If the access to the FTP server is only allowed from your corporate public IP, then for the remote connections/users you have to route FTP traffic for that server through the VPN and then out via your corporate public IP address. You can also accomplish this with the Tunnel All mode which will route all the Internet traffic through your company ISP connection.
I hope this gives some insight.
@MustafaA SFTP != FTPS ... maybe @Reventus might clear things up to make sure. I would go with SSH based SFTP according to the original post.
If the SSH Server is accepting connections only from local clients then just do a NAT for the VPN clients and hide behind the Interface IP pointing to the SSH Server and make sure that network is in your VPN definitions.
--Michael@BWC
True with your point @BWC , SFTP != FTPS. I've corrected my comment to avoid confusion.
Hello,
Thank you for both your responses. I will try my best to clarify but apologies if anything is unclear as I am very new to all of this.
The company who's SFTP we connect to is set up in a way that requires a static public IP to allow us to connect. All PC's that are hard wired are able to connect to this SFTP.
In the near future we will have staff at home needing to access this SFTP who will not have static IP's and therefore we wish to set up this VPN to allow them to access this.
On top of this SFTP, we also have a NAS drive which can also only be accessed if you are hard wired into the office, which we transfer files to and from the SFTP on.
So far when connecting through the VPN they are able to access the NAS, but there is no response when trying to connect to the SFTP from an app like Filezilla or WinSCP.
What other changes would I need to make on this VPN to allow for what we have at the office for these home workers?
Again sorry if any of this has already been answered
Thanks
@Reventus , have you checked if the FTP traffic is also going through the home-to-office VPN connection?