I have the following interfaces:
Inside Network on eth4.
Outside Network on eth1.
I already have a working IPSec Site-to-Site tunnel which passes any traffic coming from the inside Network to our datacenter (where we have the internet-breakout and an internal Server Network).
(Traffic from the inside Network directed to "Internet IPv4" is sent into the tunnel).
I also have an SSL RA client VPN with split-Tunneling.
The Remote Access Profile is set up to get access to the inside Network and the Datacenter Networks (which are reachable through the S2S-tunnel).
With this setup I have a kind of routing issue:
What is working:
- traffic from the inside-Network to the datacenter or internet is sent correctly through the S2S-VPN
- The datacenter-network is able to access the inside-Network through the S2S-VPN
- The VPN Client is able to access the Datacenter-network
What is not working:
- The VPN-Client is not able to access the inside-network
Observations:
- tcpdump shows that the packets destined for the inside-network are sent out to eth1 instead of eth4.
- When the S2S-VPN is switched off, the VPN-Client has access to the inside-Network. tcpdump shows that the packets are sent to eth4.
- Using a Policy-route from the VPN-Client Address-Range to the inside network we can see that the packets are then sent out on the inside interface eth4. The ping is answered by the target, and tcpdump shows that the icmp-replies are sent out on eth1. But they do not reach the vpn-client. They are also not sent into the S2S-Tunnel.
Do you have any idea how to make this setup work so that the VPN-Client is able to access the inside-network?
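As an added illustration (not from the original post, and not the firewall's own routing implementation), the following Python model shows the general mechanics behind the third observation above: a source/destination policy rule is consulted before the plain destination-based table, and it is directional. The rule matches only packets whose source is in the client range, so the ICMP replies from an inside host fall back to the main table and leave on whatever interface that table has for the client pool. It does not claim to diagnose the poster's setup; the addresses, the `tun0` name and the table name `to_inside` are constructed, only eth1 and eth4 come from the post.

```python
import ipaddress
from dataclasses import dataclass, field

IPv4Net = ipaddress.IPv4Network


@dataclass
class Route:
    prefix: IPv4Net
    iface: str


@dataclass
class Rule:
    """Source/destination selector that points at a routing table (ip rule style)."""
    src: IPv4Net
    dst: IPv4Net
    table: str


@dataclass
class PolicyRouter:
    rules: list = field(default_factory=list)                 # evaluated top to bottom
    tables: dict = field(default_factory=lambda: {"main": []})

    def add_route(self, table, prefix, iface):
        self.tables.setdefault(table, []).append(Route(IPv4Net(prefix), iface))

    def add_rule(self, src, dst, table):
        self.rules.append(Rule(IPv4Net(src), IPv4Net(dst), table))

    def _lpm(self, table, dst):
        """Longest-prefix match inside one table; None if no route covers dst."""
        hits = [r for r in self.tables.get(table, []) if dst in r.prefix]
        if not hits:
            return None
        return max(hits, key=lambda r: r.prefix.prefixlen).iface

    def egress(self, src, dst):
        """Interface a packet leaves on: first matching rule whose table has a
        route wins; a rule whose table has no covering route is skipped (as the
        Linux rule walk does); otherwise fall back to the main table."""
        src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        for rule in self.rules:
            if src in rule.src and dst in rule.dst:
                iface = self._lpm(rule.table, dst)
                if iface is not None:
                    return iface
        return self._lpm("main", dst)


# Constructed sample addressing (hypothetical, not from the post).
INSIDE_NET = "10.10.0.0/24"     # inside network behind eth4
CLIENT_POOL = "10.242.0.0/24"   # SSL RA client address range
CLIENT = "10.242.0.7"
INSIDE_HOST = "10.10.0.50"


def build_router(policy_route=False, return_route=False):
    r = PolicyRouter()
    r.add_route("main", "0.0.0.0/0", "eth1")      # default: outside interface
    r.add_route("main", INSIDE_NET, "eth4")       # directly connected inside network
    if return_route:
        r.add_route("main", CLIENT_POOL, "tun0")  # return path for the client pool (hypothetical tun0)
    if policy_route:
        # Policy route: packets from the client range to the inside network
        # are looked up in their own table, which sends them out eth4.
        r.add_route("to_inside", INSIDE_NET, "eth4")
        r.add_rule(CLIENT_POOL, INSIDE_NET, "to_inside")
    return r


def path_check(policy_route=False, return_route=False):
    """Egress interface for both directions of one client <-> inside flow."""
    r = build_router(policy_route, return_route)
    return {
        "forward": r.egress(CLIENT, INSIDE_HOST),   # client -> inside host
        "reply": r.egress(INSIDE_HOST, CLIENT),     # inside host -> client
    }


if __name__ == "__main__":
    print("policy route only :", path_check(policy_route=True))
    print("plus return route :", path_check(policy_route=True, return_route=True))
```

Run stand-alone, the first line shows the forward packet leaving eth4 while the reply leaves eth1, because the reply's source is not in the client range and the main table has only the default route for the pool; the second line shows both directions consistent once a return route for the pool exists. The practical takeaway is to inspect the route lookup for the reply tuple (inside host to client address) separately from the forward one, rather than assuming a policy rule covers both.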