pawelw
New Member
November 27, 2018
Question

Problem SSL VPN access


Hi all, this is my first post on these forums, so hello to everybody.

I have a problem with access to a remote station that is connected via SSL VPN from the internal network.

This station (Windows 10) has the Windows firewall correctly configured.

First I checked the connection via user1, who has full permission to the internal network (policy destination address: all). I established a connection from the internal network, e.g. RDP to the remote station, and I can connect to this station.

But when user2 is connected, who has access to only one destination address from ssl.root, from this same remote station I can't connect to this station.

To test, I tried to connect from an internal IP address that has policy destination address: all, and user2 can't connect. I checked the debug flow and it shows allowed.

How can I resolve this problem?


    Toshi_Esumi
    SuperUser
    November 28, 2018

    When you check and compare the routing table on user1's and user2's machines, you would see user1's default route is pointing into the VPN tunnel GW, while user2's machine doesn't have that additional route but only a route to the allowed destination address. Then the tunnel is split and uses the local default route for the internet.

    When you access from your test machine with an internal IP address, which is not user2's VPN destination address, the returning route goes toward the local internet. That's why it doesn't work. If you want to access those VPN client machines from the server (FGT) side or from behind the FGT, those IPs need to be added to user2's allowed destinations too.
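
The routing-table comparison described above, as an added example that is not part of the thread or of Fortinet's tooling: a longest-prefix-match lookup over two constructed client route tables (the interface labels "tunnel"/"lan" and all addresses are assumptions) showing why a split-tunnel client's reply to an internal host outside its allowed destination leaves via the local default route instead of the SSL VPN tunnel.

```python
# Added example (not from the thread): longest-prefix-match route lookup over
# constructed Windows-style route tables, to show the split-tunnel return-path
# problem. Interface labels and addresses are made up for illustration.
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str  # "tunnel" = SSL VPN adapter, "lan" = local NIC


def parse_routes(text: str) -> list:
    """Parse lines of 'destination netmask interface' (constructed format)."""
    routes = []
    for line in text.strip().splitlines():
        dest, mask, iface = line.split()
        routes.append(Route(ipaddress.IPv4Network(f"{dest}/{mask}"), iface))
    return routes


def lookup(routes, dst: str) -> Optional[Route]:
    """Return the most specific matching route (longest prefix wins)."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def return_path_via_tunnel(routes, src_ip: str) -> bool:
    """Would the client's reply to src_ip go back through the VPN tunnel?"""
    route = lookup(routes, src_ip)
    return route is not None and route.interface == "tunnel"


# user1: full tunnel, the default route points into the VPN adapter
USER1_ROUTES = parse_routes("""
0.0.0.0 0.0.0.0 tunnel
192.168.1.0 255.255.255.0 lan
""")
# user2: split tunnel, only the single allowed destination goes via the VPN
USER2_ROUTES = parse_routes("""
0.0.0.0 0.0.0.0 lan
192.168.1.0 255.255.255.0 lan
10.0.0.50 255.255.255.255 tunnel
""")

if __name__ == "__main__":
    for name, routes in (("user1", USER1_ROUTES), ("user2", USER2_ROUTES)):
        for host in ("10.0.0.50", "10.0.0.99"):
            ok = return_path_via_tunnel(routes, host)
            print(f"{name}: reply to {host} returns via tunnel? {ok}")
```

For user2, RDP from 10.0.0.99 (a host not in the allowed destination list) is forwarded by the FortiGate, but the client's reply matches only the local default route, which is the asymmetric path the reply above describes.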

    pawelw
    Author
    New Member
    November 28, 2018

    I checked the routing table on user1 and user2 and they don't have the same route address. How do I correctly add a policy for the established connection, because I don't want to add full access to internal IP addresses for the remote user?

    Toshi_Esumi
    SuperUser
    November 28, 2018

    If you split tunnel, only one policy ssl.root -> [whatever the internal interface is] is involved. But you need to put the same addresses/groups in the portal too as the Routing Address, as in the cookbook below.

    https://cookbook.fortinet.com/ssl-vpn-for-remote-users/