Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSLVPN traffice gets filtered out

Status
Not open for further replies.

Photogregor

Technical User
Mar 16, 2005
4
DE
Hi,

on W7 computer I installed SSLVPN-Client (11.3.5), then I did SSLVPN-Configuration on the Firebox (x750e, 11.3.4), chose "Routed VPN Traffic" as it is determined by our customer and left all other settings as default. Client connects fine and user is authenticated by radius (SBS 2011) without problems. I can see the SSLVPN-connection details on the Firebox and ipconfig on the client shows 192.168.113.2 as IP address of TAP device. Setup of SSL VPN on Firebox created three roules, an any-rule ("Allow SSLVPN-Users") and two other rules called "WatchGuard SSLVPN" and "WatchGuard Authentication". So far everything seems to be ok.

But I cannot ping internal subnet (192.168.1.0/24). Even cannot ping 192.168.113.254, which is reported as Firebox-DHCP-Server by ipconfig. In Traffic Monitor I can see that traffic from client gets blocked. There seems to be missing another rule. I'm searching for a solution now for hours, could someone guide me into the right direction please?

Additional information: Clients IP address is 192.168.1.115, it is member of the SBS-2011-Domain.

Thanks and regards,
Stefano
 
No one, folks? Ok, I think it's difficult. Another information: When I try it in bridged mode everything works, I can ping, RDP and HTTP. But only if I set "Force all client traffic through tunnel". If I don't activate this option I have the same problems like in routed mode. Because of the fact that it works in bridged mode authentication problems can be excluded, I think.

It looks like there is a routing problem, like I have to add another rule. But which one?

Thanks a lot for any help,
Stefano
 
The 3 policies sound correct. In addition to routed/bridged mode, my XTM device has an option to either:
Allow access to networks connected through Trusted, Optional, and VLAN's
or
Specify specific allowed resources
I would expect the x750e to have that option as well. If so, make sure it is set correctly.

You could always create a new policy for testing - one that allows SSLVPN user to access trusted and optional networks, but that shouldn't be needed.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top