VPN users accessing IPsec joined subnet

Hi Marty,

Do you have a firewall rule for VPN to VPN communication on SG and XG both?

Thanks,

I have firewall rule on the XG which VPN clients are connecting to which is set to accept all connections from (source VPN) to (destination SG LAN).

Remote users are getting DHCP lease from DC on the XG LAN. 

Why would there need to be a rule on the SG firewall considering there is an IPsec connection between the two firewalls?

Under the L2TP settings the remote network is set to Any so I would assume it should route VPN traffic authenticated on the XG to the SG network

Thanks for the help

Hi Time Traveler and welcome to the UTM Community!

If How to allow remote access users to reach another site via a Site-to-Site Tunnel doesn't resolve your issue, do #1 in Rulz.  Any luck?

Cheers - Bob

Thanks for the update,

I had a look but I cant add the LT2P VPN pool to the remote networks in Site 2 as its using a specific range of DHCP addresses coming from our DC in Site 1 (they are already in the "Site1 LAN" remote network).

In effect I would have assumed that because LT2P users have Site 1 LAN address they could access Site 2 over site to site.

Thanks for the update,

I had a look but I cant add the LT2P VPN pool to the remote networks in Site 2 as its using a specific range of DHCP addresses coming from our DC in Site 1 (they are already in the "Site1 LAN" remote network).

In effect I would have assumed that because LT2P users have Site 1 LAN address they could access Site 2 over site to site.

So, you saw nothing relevant in either the Firewall or Intrusion Prevention log?

We would need to look at a simple diagram of what's where.  Obfuscate IPs like 82.x.y.14, 10.x.y.14 and 192.168.x.14.

Cheers - Bob