Hot!SSL VPN remote access to multiple VLANS

Author
Gypsy Dave
Bronze Member
  • Total Posts : 24
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/03/09 02:07:48
  • Status: offline
2020/02/27 12:38:46 (permalink)
0

SSL VPN remote access to multiple VLANS

Hi all,
I've got SSL-VPN working with the default LAN VLAN 192.168.178.x and my remote users have access.
I want to give them access to VLAN2 192.168.7.x as well. I've added the subnet to the destination field of the rule under policy and objects, IPv4 Policy but my remote clients cant ping or reach the VLAN2 network. 
Do I need to define somewhere else too?
Regards,
Rob
#1

8 Replies Related Threads

    tanr
    Platinum Member
    • Total Posts : 790
    • Scores: 36
    • Reward points: 0
    • Joined: 2016/05/09 17:09:43
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 13:18:38 (permalink)
    0
    Along with the security policy, have you set up a static route?
    #2
    Gypsy Dave
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/03/09 02:07:48
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 13:42:47 (permalink)
    0
    tanr
    Along with the security policy, have you set up a static route?


    I've only done the security policy. Do I need a static route created manually? 
    #3
    Gypsy Dave
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/03/09 02:07:48
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 13:50:02 (permalink)
    0
    So I would need a static route created with the following:
    destination subnet:MY VLAN2 subnet
    Interface SSL-VPN tunnel Interface
    gateway: ???????
    #4
    lobstercreed
    Gold Member
    • Total Posts : 192
    • Scores: 23
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 14:03:33 (permalink)
    0
    Do you have any Routing Addresses defined in your SSL-VPN portal under Tunnel Mode -> Split Tunneling?  If so, you need to include the VLAN2 subnet address there as well.
    #5
    lobstercreed
    Gold Member
    • Total Posts : 192
    • Scores: 23
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 14:05:32 (permalink)
    0
    Also, I assume your VLAN2 subnet is on the same LAN interface/zone that your 192.168.178.x network is on?  If not, then your policy between the SSL-VPN and LAN will not match even though you add the additional address.  In that case you will need a separate policy for SSL-VPN to whatever interface VLAN2 is on.
     
    #6
    Gypsy Dave
    Bronze Member
    • Total Posts : 24
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/03/09 02:07:48
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 14:13:54 (permalink)
    0
    lobstercreed
    Do you have any Routing Addresses defined in your SSL-VPN portal under Tunnel Mode -> Split Tunneling?  If so, you need to include the VLAN2 subnet address there as well.




    I have split tunnelling enabled and nothing in Routing address. I have my source IP pool configured. Should I define the vlan2 subnet in addresses and add it to Routing address? 
    #7
    lobstercreed
    Gold Member
    • Total Posts : 192
    • Scores: 23
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 14:18:48 (permalink)
    0
    No, as long as you have a policy that includes the destination address and the appropriate user(s)/group(s) in the source, they should get the route.  They do have to disconnect and reconnect from the tunnel to see the additional route though if you've made the change after someone had already connected.
    #8
    tanr
    Platinum Member
    • Total Posts : 790
    • Scores: 36
    • Reward points: 0
    • Joined: 2016/05/09 17:09:43
    • Status: offline
    Re: SSL VPN remote access to multiple VLANS 2020/02/27 14:54:24 (permalink)
    0
    @lobstercreed, thanks for the correction on routing.  I was thinking of a different setup.
    #9
    Jump to:
    © 2020 APG vNext Commercial Version 5.5