
Routing issues with IPsec (Remote Access)

Hi, 

I am sure this is something that is really easy to fix but I seem to be having some issues with the IPsec (Remote Access) setup. I have followed a detailed setup guide and while I can connect OK, once connected I cannot seem to ping anything on the internal network. I believe I have set up the firewall rules correctly.

Here are more details:

VPN > IPsec (remote access) :

Assign IP from 10.10.10.10 - 10.10.10.30 (IP Host created for this range called Remote_VPN_Subnet)

DNS Server 1 = 192.168.12.200

Permitted Network - PCL_Subnet (192.168.12.X)

Firewall Rule: PCL_Remote_VPN_Access 

Source Zone : VPN

Source Network : Remote_VPN_Subnet 

Destination Zone : PCL_Zone 

Destination Network : PCL_Subnet 

Match Known Users : CHECKED 

Users or Group : PCL_VPN_Users 

Is there another step I am missing? 

Any help would be greatly appreciated, I am sure I am just missing something small.

Many thanks, Daniel Hargrove



  • Hi Hardik 

    Many thanks for your response. Let me give this a try now. 

    Dan 

  • Hi. 

    I have created the Linked NAT rule as per your suggestions but I am still unable to see any response to a local host ping request from a remote client PC. 

    Many thanks, Dan 

  • Diagnostics > Packet Capture
    Have you performed packet capture for IP 192.168.12.200 ?
    As per your output, traffic is getting forwarded to 192.168.12.200 but there is no reply coming back to XG from 192.168.12.200.

    Regards,
    Hardik R

     
  • This may be going over my head a little. I am trying to duplicate the setup we have on our WatchGuard which the XG will soon be replacing. In my head it seems quite simple. I just need clients to be able to connect via IPsec and see devices on the 192.168.12.0 subnet. Looking at settings for this I need to specify an IP range which clients will be issued. I have set up where I can see to make this available and I can connect without any issues but it's just finding out what I am missing which is blocking the ping response getting through. The same XG has a large number of Site-to-Site IPsec VPN connections configured which work AOK. Do you think I am asking too much of this device by adding on this additional IPsec Remote Access role?

    Many thanks, Dan 

  • FIGURED IT! - It seems I had duplicate entries in the IP Host. Once I chose a different subnet and changed the settings where required it came to life. Many thanks for your help and guidance. Dan
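
The fix reported above was a duplicate IP Host entry. As an added example (not part of the thread and not vendor tooling), this sketch checks a hand-exported list of IP Host definitions for overlapping address space before a remote-access lease range is assigned. The string format of the definitions and the `Old_VPN_Pool` entry are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory of IP Host objects (name -> definition). Only
# Remote_VPN_Subnet and PCL_Subnet are named in the thread; Old_VPN_Pool is
# a hypothetical leftover entry added to show what the check reports.
IP_HOSTS = {
    "Remote_VPN_Subnet": "10.10.10.10-10.10.10.30",
    "PCL_Subnet": "192.168.12.0/24",
    "Old_VPN_Pool": "10.10.10.0/27",  # hypothetical
}

def to_span(definition):
    """Return (first, last) as integers for an 'a-b' range, a CIDR, or one IP."""
    if "-" in definition:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in definition.split("-"))
        if lo > hi:
            raise ValueError(f"range start is after range end: {definition}")
        return int(lo), int(hi)
    # strict=False tolerates host bits being set, e.g. 192.168.12.5/24
    net = ipaddress.ip_network(definition.strip(), strict=False)
    return int(net.network_address), int(net.broadcast_address)

def find_overlaps(hosts):
    """Return (name_a, name_b, shared_first, shared_last) for each overlapping pair."""
    spans = {name: to_span(d) for name, d in hosts.items()}
    hits = []
    for a, b in combinations(sorted(spans), 2):
        lo = max(spans[a][0], spans[b][0])
        hi = min(spans[a][1], spans[b][1])
        if lo <= hi:  # the two objects share at least one address
            hits.append((a, b, str(ipaddress.ip_address(lo)),
                         str(ipaddress.ip_address(hi))))
    return hits

if __name__ == "__main__":
    for a, b, first, last in find_overlaps(IP_HOSTS):
        print(f"{a} overlaps {b}: {first} - {last}")
```
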