Adrien
New Member
June 8, 2018
Question

[Solved] VPN-SSL listening on DMZ port, WAN is private IP = Error


Hi All,

I'm in a "specific" case where my WAN interface IP is private (I'm on a metropolitan network) and is used only to interconnect my networks using static routes.

My DMZ public subnet is on the "DMZ" interface/VLAN. I use SSL-VPN in Web and Tunnel mode. SSL-VPN is listening on the DMZ interface. In this case, when I'm on the WAN side, I can connect to the web SSL, enter my login and password, and after a successful login I get a white page: (https://myforti.mydomain.net/sslvpn/portal.html)... With FortiClient SSL, it returns an empty error after a few seconds.

When located in a LAN subnet, it works as expected. A VPN connection to the private WAN interface IP works too (but I need to be located in the MAN; it can't work from the WAN because of the private IP).

I suspect an internal routing anomaly. Do you have a solution without using VDOM?

Regards

1 reply

rwpatterson
New Member
June 8, 2018

Check your routing distances. The SSL VPN route distance needs to be shorter than the default gateway distance.

Adrien (Author)
New Member
June 15, 2018

Hi,

Thanks for your help! Sorry for the delay...

I was enthusiastic about that, but that does not solve the issue :'(

Static routes tab:

Subnet            Gateway                                Distance   Priority
0.0.0.0/0         10.249.0.1 Metropolitan_NET (wan1)     15         0
172.20.130.0/23   SSL-VPN tunnel interface (ssl.root)    10         0

Other ideas? Regards

Adrien (Author)
New Member
June 15, 2018

Here is a sample: