We have an Astaro Security Gateway at both our data center and our office. We have an IPSec site-to-site VPN tunnel setup between them. At our datacenter is a db server that all of our users use. The db server is connected to the DMZ port on the firewall.
From outside the office all users VPN to the office location and go over the tunnel to use the db server.
Using the PPTP VPN everything works correctly. From within the office everything works correctly.
Using the SSL VPN, users can get to internal office resources, but can't get to the db server. This is happening on Windows XP, Vista, and 7. The Vista and 7 machines I've made sure it's running as administrator. Looking in the logs the client actually adds the routes without any errors, but I've noticed that on the route for the db server, the subnet mask is wrong. When doing an ipconfig I also notice there is no default gateway listed on the SSL VPN adapter (not sure if there should be or not).
Looking at the settings on the firewall, I've made sure the packet fileters and any rules are the same for the PPTP and the SSL VPN's on both firewalls. On the IPSec tunnel settings I've made sure that all relevent networks are in the correct places on the local and remote gateways. Doing a tracert to the db server it tried to go out over the PC's internet connection. If I manually change the route to have the correct mask then it will get from the client to the firewall (10.242.2.1) but then can't get any further.
I've added packet filters to allow any traffic for the SSL VPN users through. I've tried messing around with NAT settings, I'm just not sure where to go. PPTP VPN users work like a charm. I've looked through the logs on the firewall, but I'm not sure which ones to check. Packet filter doesn't show anything. SSL VPN log shows the connection, but not the attempts to hit the db server.
Any thoughts or help would be awesome. Thanks!
Gideon
This thread was automatically locked due to age.
