New SSL VPN Portal Not Working
Heyoo,
We have a stock "full-access" portal we use that enables split tunneling. We have a single user that has an application on her laptop that must appear to come from within our network in order to work. All I am trying to do is create another portal, just for her, that disables split tunneling.
Portal is created..no problem.
I create a new SSL VPN firewall policy specifying the user and info and authentication rule specifying the SSL portal to use and I am unable to save it without error about range not valid...
Is this the correct procedure to do this? I'm following the cookbook for 5.0.7 and I thought it was pretty straightforward but I guess not. All I want is a second portal for a single user that doesn't use split tunneling.
Thanks!
I don't remember exactly what the 5.0 SSL VPN config looked like since they changed quite a bit w/ 5.2, which we're currently running. Based on the error message you described, it looks like it doesn't like another portal, referred to by another policy with a different set of users, sharing the same IP pool with the original one. Try assigning a different pool without overlapping.
Thanks - that still didn't work. I must be missing something but can't pinpoint it. I'm getting a new error when saving the config though - any other ideas?
Are you sure Local Interface is wan1? Generally that's LAN side. Take a look at the existing policy.
Doh! That was it...what a bonehead I am sometimes. I had the incoming interface as ssl.root and local interface as Wan1 (gee..that makes perfect sense...NOT) but it should have been Wan1 for incoming and LAN as local.
Works now - thanks Toshi!