ychafi
New Member
May 18, 2019
Question

SSL VPN traffic and Virtual IP issue


I have a problem accessing local resources from SSL VPN (Tunnel & Web).

We use a Virtual IP to NAT our public IP to the FG WAN interface (for SSL VPN Portal and Tunnel Mode). We have created a policy for this NAT, and it works fine. After that we configured the SSL VPN and created a policy matching the SSL VPN traffic. We can connect with the SSL VPN Portal and FortiClient (Tunnel mode), but we cannot ping or access the local resources on the DMZ.

When we run a diagnose, we can see the original direction and the reply direction.

You can find attached the SSL VPN architecture.

Thanks.

1 reply

Toshi_Esumi
SuperUser
May 19, 2019

You must be misdescribing your arrangement. The VIP or DNAT for TCP 443 or 10443 or whatever you have in the SSL-VPN config has to be configured at the router, which has 194.x.x.x, instead of the FGT. Otherwise SSL VPN traffic never hits the FGT, whose outside IP is 192.168.1.2 (private IP).