This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN through Point to Point T1

Hi All,

I've been having some trouble getting traffic to pass through SSL VPN to a remote site.

Here's the lay of the land:

Site 1

T1 Internet Access - Cisco 1601 > ASL on Dell Server x.x.1.254
T1 Point to Point - Cisco 1840 - x.x.1.1
Internal Network - x.x.1.0 /24
Windows Server 2003 Domain Controller – AD, DNS, DHCP, WINS
  AD and DNS replication

Site 2

DSL Internet Access - ISP Provided DSL Router > SonicWALL PRO 2040 Standard (Ugh!)  x.x.2.254
T1 Point to Point - Cisco 1840 x.x.2.1
Internal Network - x.x.2.0 /24
  Windows Server 2003 Domain Controller – AD, DNS, DHCP, WINS
  AD and DNS replication

  SITE 1 – Astaro

  Routing
  Policy Route > Gateway Route > Source INT = Internal INT – Source NET = Internal NET – Service = Any – Destination = Site 2 NET – Gateway = Cisco 1840 x.x.1.1

  DNS
  Global > Allowed NET = Internal NET, Site 2 NET
  Forwarders > N/A
  Request Routing > Domain = Site 1.local > Target Servers = Site 1 DC, Site 2 DC

  Packet Filter
  Site 1 Internal > Any > Any > Allow
  Site 2 > Site 1 Internal > Any > Allow

  ICMP – All checked for now

  Remote Access
  SSL VPN > Local Networks = Site 1 NET, Site 2 NET

  Advanced > DNS = Site 1 DC IP, Site 2 DC IP > WINS = Site 1 DC IP, Site 2 DC IP > Domain = domain.local

  As far as access to Site 1 goes everything works without a hitch.
  I can connect the SSL VPN and access anything and everything I need to on Site 1 using IP or DNS.
  If I’m onsite at Site 1 I can access anything and everything on Site 2 using IP or DNS.

  But if I’m use SSL VPN from outside Site 1 I can’t hit a lick of anything on Site 2.  I can’t ping or RDP.  However, if I ping a Site 2 DNS name it does resolve but that’s not a big surprise considering Site 1 and Site 2 replicate DNS…

  My question is do I need a Static or Policy route set up for the SSL VPN Pool to Site 2?
  I tried adding one but either I didn’t set it up correctly or it wasn’t the fix.
  Or do I need a packet filter rule?
                  I tried setting up a couple of different Allow > SSL VPN Pool > Site 2 rules but to no avail…

  It has something to do with routing the SSL VPN Pool to Site 2 but I’m not seeing it clearly…

  Any ideas?

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 17 years ago

Try using a regular static route instead of a policy route.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 dacomb over 17 years ago in reply to BrucekConvergent

Out of curiosity... Why does it matter?
Should I have a separate route for the SSLVPN Users NETWORK?
Cancel
Vote Up 0 Vote Down

Cancel
0 dacomb over 17 years ago in reply to dacomb

I tried a static route. It didn't change the results.

Again, it's Site 1 from inside the LAN can hit Site 2 > ANY.

It's only when using the SSL VPN from the WAN to connect to Site 1 that I can't talk to Site 2
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dacomb over 17 years ago in reply to dacomb

I tried a static route. It didn't change the results.

Again, it's Site 1 from inside the LAN can hit Site 2 > ANY.

It's only when using the SSL VPN from the WAN to connect to Site 1 that I can't talk to Site 2
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data