
Setup Question LAN/WAN VPN

Hi!

I'm quite new to XG Firewall. I've got the following setup:

XG software-based setup on a PC with 2 LAN cards

Port 1 LAN with range from 192.168.1...

Port 2 WAN with static IP 192.168.3.... getting it from the router LAN

Router with static IP address 77.119 ... connected to WAN (mobile carrier).

The router forwards relevant ports for RD Services and so on to Port 2 of XG.

Everything works fine except SSL-VPN - this is set up properly to forward into the LAN zone.

I cannot seem to set up a connection from outside of the network. I forward port 8443 for SSL-VPN from the router to Port 2 of XG with no effect.

The client cannot seem to set up a connection since it always tries to reach 192.168.3... and not the external router IP from the carrier.

Actually I have no idea where to set this up. Can anyone help here?

Regards

hinze



This thread was automatically locked due to age.
  • Hey Hinze,

    In order to properly specify that your clients attempt the SSL VPN connection via your upstream ISP router's WAN IP, please fill in the "Override Hostname" field with this IP.

    Configure > VPN > top right "Show VPN Settings" 

    Please note that updating the settings in this menu will require a re-download of the SSL VPN configuration from the user portal.

    Let me know if you run into any issues.

    Regards,

  • Thanks Flo!

    Works perfectly fine!

    I can get in the SSL VPN IP range now. I've set up the VPN rules VPN to LAN - LAN to VPN and general network policies LAN to all zones as suggested in the documentation, but I'll always get a VPN range IP for my remote device and not the one from the local subnet that I specified.

    Is there anything more I can do to be forwarded to the local subnet?

    I've studied several community articles on this matter but none seems to help.

    Strange...

  • "but I'll always get a VPN range IP for my remote device and not the one from the local subnet that I specified."

    That is how this works.

    Basically you get an IP from the pool, and for every other device attached to XG, you are just another subnet.

    The client does not get any IP of any LAN client. Instead XG will just route the traffic to the correct network.

    Can you post some screenshots of your VPN config? Maybe there is a mistake. 

  • Hm, but how can I get to my server if the VPN does not forward me to the local subnet where the server is located?

    In the SSL VPN IP range there is no device. This is why I set up a rule to define the source VPN and the target LAN network...

  • Try to disable masquerading on the policy.

    As far as I can see, this should work even with masq on.

    Can you show us what is in the objects "Lan Netzwerk" and "SSLIPRANGE"?

  • I've also tried masquerading... no effect.

    See the objects below... I've tried different settings now, so images may vary a bit from the above.

  • Here is the Port structure...

  • Can you briefly explain where and what exactly fails in your setup?

    Show us your current live user tab after you connect one client via SSL VPN. It should be shown there.

    Then try to ping a client behind XG. You get a timeout? 

    What do you try to reach and how? 

    Do you use DNS or IP to ping? 

  • Hi!

    Here is the live user tab...

    I'm connected and the adapter gets an IP within the SSL VPN IP range.

    I've tried to ping the server from the client outside - and it works - I can also ping the NAS and so on in the 192.168.1... range, but I cannot open network drives or the server's folders since the VPN IP is in the 10.. range.

  • I've got it!

    I've added the domain admin server as the DNS server in the VPN settings - this helps getting all the things done!

    Kudos and many thanks to all that helped!
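
The first symptom in this thread (the client dialing the firewall's internal WAN-port address instead of the upstream router's public IP) can be caught before a configuration is handed to remote users. The following is an added example, not part of the original thread and not Sophos code. It assumes the downloaded SSL VPN client configuration is an OpenVPN-style text file with `remote <host> <port>` lines; the sample configurations and addresses are constructed.

```python
import ipaddress

# Address ranges a client on the internet cannot reach
# (RFC 1918 private space, CGNAT, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
)]


def classify_remotes(config_text):
    """Return (host, port, verdict) for each `remote` line in the config.

    verdict is "internal" (unreachable from outside the NAT), "public",
    or "hostname" (needs a DNS lookup, not judged here).
    """
    results = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        tokens = line.split()
        if tokens[0] != "remote" or len(tokens) < 2:
            continue
        host = tokens[1]
        port = tokens[2] if len(tokens) > 2 else None
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            results.append((host, port, "hostname"))
            continue
        internal = any(addr in net for net in NON_ROUTABLE)
        results.append((host, port, "internal" if internal else "public"))
    return results


# Constructed sample: config generated without an override hostname,
# so it carries the firewall's own WAN-port address behind the router.
SAMPLE_BEFORE = "client\ndev tun\nproto tcp\nremote 192.168.50.2 8443\n"

# Constructed sample: config re-downloaded after the override hostname
# was set to the router's public address (documentation address used here).
SAMPLE_AFTER = "client\ndev tun\nproto tcp\n# re-downloaded\nremote 203.0.113.10 8443\n"

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for host, port, verdict in classify_remotes(cfg):
            print(f"{name}: remote {host}:{port} -> {verdict}")
```

An "internal" verdict on a configuration meant for users outside the network means the client will never reach the forwarded port, whatever the router forwards.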
