I can connect via SSL VPN but then I can't ping the LAN network
Hello,
I have a FG with IPsec and SSL VPN configured. I CAN connect & PING with the IPsec. The problem of not getting to the LAN network I ONLY have with the SSL VPN connection.
So if I can ping from the VPN IPsec there shouldn't be any problem in the LAN.
The SSL configuration is basic, I deactivated NAT (by default the rule has NAT) but nothing changed. The routing in SSL VPN Portals is fine to LAN.
Checking with sniffer I get this:
XXXX # diag sniffer packet ssl.root "icmp"
interfaces=[ssl.root]
filters=[icmp]
pcap_lookupnet: ssl.root: no IPv4 address assigned
4.980746 192.168.100.100 -> 192.168.2.250: icmp: echo request
13.175508 192.168.100.100 -> 192.168.2.250: icmp: echo request
17.979581 192.168.100.100 -> 192.168.2.250: icmp: echo request
So I don't get the reply from the server 250 back.
What do I miss and what can I do?
Thanks!
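Added example, not part of the original post: a small Python parser for the sniffer output shown above that lists ICMP echo requests that never received a reply on the captured interface. The function name and the second, "healthy" capture are constructed for illustration, and because this output carries no ICMP sequence numbers, replies are paired with the oldest open request for the same address pair.

```python
import re
from collections import defaultdict

# Matches lines such as:
#   4.980746 192.168.100.100 -> 192.168.2.250: icmp: echo request
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):\s+icmp:\s+echo\s+(?P<kind>request|reply)"
)

def unanswered_requests(capture):
    """Return {(src, dst): [timestamps]} for echo requests with no later reply."""
    pending = defaultdict(list)
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # prompt, header lines, anything that is not an echo
        ts, src, dst = float(m["ts"]), m["src"], m["dst"]
        if m["kind"] == "request":
            pending[(src, dst)].append(ts)
        elif pending.get((dst, src)):
            # A reply travels dst -> src; close the oldest open request.
            pending[(dst, src)].pop(0)
    return {flow: times for flow, times in pending.items() if times}

# Capture as posted above: requests only, no replies.
POSTED = """\
interfaces=[ssl.root]
filters=[icmp]
pcap_lookupnet: ssl.root: no IPv4 address assigned
4.980746 192.168.100.100 -> 192.168.2.250: icmp: echo request
13.175508 192.168.100.100 -> 192.168.2.250: icmp: echo request
17.979581 192.168.100.100 -> 192.168.2.250: icmp: echo request
"""

# Constructed sample of a working tunnel, for comparison.
HEALTHY = """\
1.000100 192.168.100.100 -> 192.168.2.250: icmp: echo request
1.001900 192.168.2.250 -> 192.168.100.100: icmp: echo reply
2.000300 192.168.100.100 -> 192.168.2.250: icmp: echo request
2.002100 192.168.2.250 -> 192.168.100.100: icmp: echo reply
"""

if __name__ == "__main__":
    for (src, dst), times in unanswered_requests(POSTED).items():
        print(f"{src} -> {dst}: {len(times)} echo request(s) without reply at {times}")
```

Requests that appear on the tunnel interface with no reply point the search at what happens after ingress: policy match, forwarding out of the LAN interface, or the server's return route.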
SOLVED
Hi all:
After some more checking I found the configuration failure. In my policy I did have a regional filter for IPs only from XX, but I didn't include the IPs for the SSL network.
Thanks!
Do we know if 192.168.2.250 has a return route to 192.168.100.100?
diag sniffer packet ssl.root "icmp" 4, can you run this to get the interface names as well? This is to confirm if the packets are leaving the LAN interface or not.
Suraj
