Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSLVPN traffice gets filtered out

Status
Not open for further replies.
Photogregor

Photogregor

Technical User
Mar 16, 2005
4
0
0
DE
Hi,

on W7 computer I installed SSLVPN-Client (11.3.5), then I did SSLVPN-Configuration on the Firebox (x750e, 11.3.4), chose "Routed VPN Traffic" as it is determined by our customer and left all other settings as default. Client connects fine and user is authenticated by radius (SBS 2011) without problems. I can see the SSLVPN-connection details on the Firebox and ipconfig on the client shows 192.168.113.2 as IP address of TAP device. Setup of SSL VPN on Firebox created three roules, an any-rule ("Allow SSLVPN-Users") and two other rules called "WatchGuard SSLVPN" and "WatchGuard Authentication". So far everything seems to be ok.

But I cannot ping internal subnet (192.168.1.0/24). Even cannot ping 192.168.113.254, which is reported as Firebox-DHCP-Server by ipconfig. In Traffic Monitor I can see that traffic from client gets blocked. There seems to be missing another rule. I'm searching for a solution now for hours, could someone guide me into the right direction please?

Additional information: Clients IP address is 192.168.1.115, it is member of the SBS-2011-Domain.

Thanks and regards,
Stefano
 
Sort by date Sort by votes
No one, folks? Ok, I think it's difficult. Another information: When I try it in bridged mode everything works, I can ping, RDP and HTTP. But only if I set "Force all client traffic through tunnel". If I don't activate this option I have the same problems like in routed mode. Because of the fact that it works in bridged mode authentication problems can be excluded, I think.

It looks like there is a routing problem, like I have to add another rule. But which one?

Thanks a lot for any help,
Stefano
 
Upvote 0 Downvote
The 3 policies sound correct. In addition to routed/bridged mode, my XTM device has an option to either:
Allow access to networks connected through Trusted, Optional, and VLAN's
or
Specify specific allowed resources
I would expect the x750e to have that option as well. If so, make sure it is set correctly.

You could always create a new policy for testing - one that allows SSLVPN user to access trusted and optional networks, but that shouldn't be needed.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

alex1002
  • Locked
  • Question
Sonicwall SSLVPN very slow Throughput accessing network files
Replies
1
Views
73
alex1002
alex1002
quazimotto
  • Locked
  • Question
Can't get Out
Replies
1
Views
86
quazimotto
quazimotto
ttrsux
  • Locked
  • Question
Error opening IKE port 4500 on Interface outside
Replies
0
Views
50
ttrsux
ttrsux
jfp23
  • Locked
  • Question
ASA 5512x 9.3 version Outbound connection issues
Replies
0
Views
37
jfp23
jfp23
negley97
  • Locked
  • Question
XTM505 - would like to block all smtp traffic out except for Exchange server
Replies
2
Views
53
negley97
negley97

Part and Inventory Search

Sponsor

Back
Top