Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN user Client does not have access other IPSec Site-to-Site VPN networks

I'm having issues connecting the VPN Client to other networks that reside on a VPN. For example, my XG has a local network of 192.168.10.0/24 and the SSL VPN users get an IP in 172.16.1.10-172.16.1.50. I also have an IPSec Site-to-Site VPN that connects my 192.168.10.0/24 to 10.10.10.0.24. When I'm on my local subnet without the VPN client, i can get to the 10 network without issue and vice versa.

In the SSL VPN user policy, i have allowed access to the local network and then have even added the remote VPN network. I have even added a VPN-to-VPN firewall rule that includes ANY for source/destination, but still can not get to the 10.10.10.0/24 network.  If I'm out and about, and connect to the VPN, I can access everything on my 192.168.10.0/24 without issue, but no traffic to the 10.10.10.0/24. 

Also another issue, the 2 XG devices seem to not be able to ping from the device itself to other network objects on the remote network, but can get to their own without issue. 

I'm not sure what else to do, as in the SonicWALL world, doing the above would have allowed it to work. 

Any help would be greatly appreciated. 



This thread was automatically locked due to age.
Parents
  • I have the same issue, I can connect to my site-to-sites VPN locally but I cannot make it work with the SSL VPN client for remote users. Is there a guide on how to configure SSL Remote Access VPN when the remote users need to access not only the internal network but the site-to-site VPN? Any help would be appreciated. 

  • Create an IP Host object for the SSL VPN subnet (10.81.234.0 /24 by default) and add it as a network for the Site-to-Site VPN

    Create an IP Host object for the remote network's subnet and add it to the Permitted Network Resources in the SSL VPN configuration. 

  • Thanks for the quick reply.

    I tried this and still no luck.

    I created the IP Host for the SSL and the VPN

    I added the remote network to the  SSL VPN (Remote Access)

    On the VPN IPSEC I added both IP Host

    VPN is up and running

    I check my vpn connection logs and is creating the route.

    But still can't connect. Am I missing something?

    Thanks again for any help.

Reply
  • Thanks for the quick reply.

    I tried this and still no luck.

    I created the IP Host for the SSL and the VPN

    I added the remote network to the  SSL VPN (Remote Access)

    On the VPN IPSEC I added both IP Host

    VPN is up and running

    I check my vpn connection logs and is creating the route.

    But still can't connect. Am I missing something?

    Thanks again for any help.

Children