Hot!SSL VPN traffic and Virtual IP

Author
Gabana
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/01/30 23:24:29
  • Status: offline
2018/01/31 22:06:39 (permalink)
0

SSL VPN traffic and Virtual IP

Hi
this is Payam and this is my first post here :)
we have an issue and this is about SSL VPN and Virtual IPs
when we connect to our network with SSL VPN we can not access Objects with their Virtual IP but that object is accessible with its local IP address.
there is no same zone between SSL VPN interface and the interface that we use to access the object
also the rule is from our source , from SSL VPN interface to All with service All
 
can anyone help to solve this issue ?
#1

3 Replies Related Threads

    Toshi Esumi
    Platinum Member
    • Total Posts : 588
    • Scores: 32
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: SSL VPN traffic and Virtual IP 2018/02/01 09:20:29 (permalink)
    0
    First, Welcome!
    Then, does the route exist back from the objects toward the SSL VPN client IPs? Also if it's split tunnel, is the objects' subnet specified in the portal config as well as the other subnets they need to reach?
    #2
    Gabana
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/01/30 23:24:29
    • Status: offline
    Re: SSL VPN traffic and Virtual IP 2018/02/13 01:02:19 (permalink)
    0
    yes the route exists
    the problem is we can not define VIP in the rule, only if i use any ad incoming interface then we can use VIP.
    #3
    Toshi Esumi
    Platinum Member
    • Total Posts : 588
    • Scores: 32
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: SSL VPN traffic and Virtual IP 2018/02/13 09:40:00 (permalink)
    5 (1)
    I think the problem is extintf/extip of your VIP is bound to the external interface facing the internet. SSL VPN is coming past that interface and terminated inside. So can't access the outside of the external interface. The same thing would happen when you try accessing outside interface of VIP from a local device connected to internal interface.
    Why don't you use the local IP of the servers to access them via SSL VPN? That's the whole purpose of SSL VPN. VIP is for the access coming from Internet without a VPN.
    #4
    Jump to:
    © 2018 APG vNext Commercial Version 5.5