Marklar
New Member
October 17, 2016
Question

SSL VPN - only have access to one subnet


We have a site-to-site IPSEC tunnel set up reciprocating traffic between SiteA 192.168.1.0 and SiteB 192.168.3.0.

SSL VPN user gets an IP 192.168.1.240 at SiteA but no traffic is allowed to Site B. IPSEC VPN works fine.

I tried making a policy from ssl.root > 192.168.3.0...no dice

Static route from ssl.root > 192.168.3.0...no dice

Policy route from ssl.root > 192.168.3.0...nope

What are we missing?


    rwpatterson
    New Member
    October 17, 2016

    SSL VPN is a separate interface, but it shares the subnet of the main interface at site A (assuming class C network). This may be the stem of your issue. SSL VPN should have a unique IP subnet from any others.

    Marklar (Author)
    New Member
    October 17, 2016

    Thanks - I just changed the IP range in SSLVPN_TUNNEL_ADDR1 to a 10.0.0.1 IP range... same issue. Traffic is still stuck exclusively on the 1.x subnet.

    rwpatterson
    New Member
    October 17, 2016

    Does the phase 2 selector on the VPN cover the subnet 10.0.0.x? If it does not, you could create an IP pool with a single valid IP address from the internal interface and apply it to the VPN policy as a test.
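
The phase 2 selector check and the single-address IP pool test from the last reply, modelled as an added example that is not part of the original thread or of any vendor tooling. It assumes /24 masks, a single SiteA selector pair of 192.168.1.0/24 to 192.168.3.0/24, and that source NAT is applied before the packet is compared with the selectors; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Assumed from the thread: one phase 2 selector pair on the SiteA side,
# /24 masks on both LANs. All host addresses used below are constructed samples.
SITE_A_SELECTORS = [("192.168.1.0/24", "192.168.3.0/24")]


def selector_for(src, dst, selectors):
    """Return the (local, remote) selector pair covering src -> dst, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in selectors:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def check_flow(src, dst, selectors, snat_ip=None):
    """Model what the tunnel sees. If the policy applies an IP pool (source NAT),
    the translated address is the one compared with the selectors (assumption)."""
    seen_src = snat_ip or src
    match = selector_for(seen_src, dst, selectors)
    return {"src_on_tunnel": seen_src, "covered": match is not None, "selector": match}


def missing_selectors(client_pools, remote_net, selectors):
    """List (pool, remote) pairs that no existing selector pair fully contains."""
    remote = ipaddress.ip_network(remote_net)
    gaps = []
    for pool in client_pools:
        p = ipaddress.ip_network(pool)
        covered = any(
            p.subnet_of(ipaddress.ip_network(loc)) and remote.subnet_of(ipaddress.ip_network(rem))
            for loc, rem in selectors
        )
        if not covered:
            gaps.append((pool, remote_net))
    return gaps


if __name__ == "__main__":
    dst = "192.168.3.10"  # constructed SiteB host
    # SSL VPN client from the new 10.0.0.x pool: no selector matches.
    print(check_flow("10.0.0.5", dst, SITE_A_SELECTORS))
    # Same client, source-NATed to one internal-interface address: selector matches.
    print(check_flow("10.0.0.5", dst, SITE_A_SELECTORS, snat_ip="192.168.1.250"))
    # Selector pairs that would have to be added on both peers instead of NAT.
    print(missing_selectors(["10.0.0.0/24"], "192.168.3.0/24", SITE_A_SELECTORS))
```

A selector gap reported here has to be closed on both peers, since SiteB needs the mirrored pair for return traffic.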