
SSL VPN Connects but can't ping inside network

I had my UTM 120 die earlier this week. I have replaced it with an SG 210, but I didn't want to move the backup because of some gremlins in the config of the UTM 120 that I didn't want to transfer over.

I've set up an SSL VPN for all AD-authenticated users. The local networks are set to Internal (Network) with automatic firewall rules checked, and I can connect on port 443.

The client connects with no problem and gives me an IP of 10.10.11.6 (internal network is 10.10.10.x). I can ping the router (10.10.10.1) but I cannot ping any servers in my internal network.

I checked the firewall live log and I don't see any packets (ping or RDP) being dropped by the VPN client.

I am racking my brain trying to figure out why this identical config works on the old UTM but not the new one. Clearly I've missed something. Any suggestions on what to check?



This thread was automatically locked due to age.
  • I would suggest doing an SNAT to the internal IP address of the UTM for the SSL VPN pool; it fixes 90% of any issues I've had like this, unless you need to see the originating IP address from the pool on your internal servers. Additionally, turn off the auto firewall rules and manually create one for the VPN pool to talk to the internal network. That auto rule for SSL VPN has been dodgy as hell for me :)

    Hope that works for you!

    Emile
