This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN, Access to internal networks

Hi.

I have three network interfaces in my Astaro VMWare-Box:

- Internet (DSL)
- DMZ
- internal LAN

I have setup SSL VPN and added DMZ and internal LAN to the local net list. I can connect with the SSL VPN Client, routes are correctly added on the client, but I cannot reach hosts connected to the DMZ-interface. I can ping the IP address of the DMZ-interface and reach all hosts connected to the internal LAN inferface.

Did I miss something?

Thanks
Andreas

This thread was automatically locked due to age.

Parents

0 SilverOne over 18 years ago

Is there under Advanced Remote SSL"Automatic packet filter rules Enabled.
You can try a manual made packet filter to the DMZ.....
What is the "Live LOG" open vpn telling you at moment of connecting?
Cancel
Vote Up 0 Vote Down

Cancel
0 AMarx over 18 years ago in reply to SilverOne

Hi.

Is there under Advanced Remote SSL"Automatic packet filter rules Enabled.
Yes.
You can try a manual made packet filter to the DMZ.....
I did, but still no access.
What is the "Live LOG" open vpn telling you at moment of connecting?
Nothing related to my problem.

Thanks.
Andreas
Cancel
Vote Up 0 Vote Down

Cancel
0 Krischeu over 18 years ago in reply to AMarx

Have a look on the asg/advanced whether nat-t is enabled
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Krischeu over 18 years ago in reply to AMarx

Have a look on the asg/advanced whether nat-t is enabled
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 SilverOne over 18 years ago in reply to Krischeu

Is the "Packet filter Live LOG" dropping something when connecting to the DMZ?
Cancel
Vote Up 0 Vote Down

Cancel
0 AMarx over 18 years ago in reply to SilverOne

Hi.

I don't know where to find the NAT-T option. Seems to be an option for IPSec-VPNs only. I use SSL-VPN.
The log does not show any droped packets.

I will update to the 7.008 release and see if that helps. I have to prepare for that, so it will take time until the weekend.

I will post the results.

Thanks
Andreas
Cancel
Vote Up 0 Vote Down

Cancel
0 SilverOne over 18 years ago in reply to AMarx

It appears the issue I was having with users having to log into the SSL VPN client twice to connect was fixed with the last up2date; however, it appears a new bug was introduced... the SSL VPN quits responding randomly.. and won't start working again until an administrator logs into Webadmin (how wierd is that)... I don't have to do anything except just log into webadmin. I noticed that the end user portal also dies at the same time... it is on the same port... so I think something with the module that detects whether SSL traffic is VPN or End User Portal traffic is busted. I started a ticket with Astaro, hopefully they can find a workaround.

Have you seen this one?
Cancel
Vote Up 0 Vote Down

Cancel
0 AMarx over 18 years ago in reply to SilverOne

Hi.

Sorry for my late feedback.
I fixed the problem. I had to add a masquerading-rule under "Network Security/NAT" from the VPN-Pool (SSL) to the internal interface (DMZ). Now it's working.

Actually I though adding the interfaces to "local networks" in the global settings of the SSL-VPN configuration would do that.

Thanks for your support.

Andreas
Cancel
Vote Up 0 Vote Down

Cancel