VPN users can connect to the ASG via L2TP fine. My internal network is 192.168.2.x, L2TP is 192.168.7.x, and my DMZ is 192.168.9.x. Users on 192.168.7.x can ping, SSH, anything to the other two subnets, EXCEPT load web pages. Users in the .7.x scope can even ping outside sites (Google, Yahoo, Wikipedia, etc.) but again still can't load the page.
To troubleshoot, I created a packet filter rule to allow any service access to any network from the VPN IP scope. Still no web pages, and I can see in the packet filter log that all packets are getting accepted. I don't have any policy routes specific to the HTTP service.
I do have two policy routes to route traffic from the VPN to the internal network and the DMZ. I also have a NAT masq rule like: vpn -> external so that VPN clients can access external sites/servers.
I also tested the connection from the internal network back out to the VPN, so from a machine in the 2.x scope I can ping and SSH to a machine in the 7.x scope.
Anyone have any ideas on more troubleshooting I could do? I am sufficiently stumped here...