Contacting a spesific network when on VPN
I'm currently having my users connecting to our USG-310 with SSL VPN so they are able to get access to local resources, but they are unable to contact another subnet which a spesific service are running on (site-to-site VPN)
I've tried adding the VPN-Destination subnet to the network list under the SSL VPN policy and even secuextender list the correct network but still are unable to contact that network, do i need to do some routing here to make this work?
Member is the VPN group network the secuextender is joingin
Destination address is the subnet i want them to be able to access

Hopefully this makes sense, not to known with the VPN part of networking etc yet
I've tried adding the VPN-Destination subnet to the network list under the SSL VPN policy and even secuextender list the correct network but still are unable to contact that network, do i need to do some routing here to make this work?
Member is the VPN group network the secuextender is joingin
Destination address is the subnet i want them to be able to access

Hopefully this makes sense, not to known with the VPN part of networking etc yet

0
All Replies
-
Hi @TES
Your topology should be like this:
SSL VPN Client------USG#1====[VPN]====USG#2
At currently SSL VPN client is able access to network resource behind USG#1, but unable reach to USG#2.
You have to add policy route on both of USGs.
On USG#1
Add policy route to route SSL VPN client traffic to USG#2.
Source: SSL VPN IP Pool, Destination: USG#2 IP Subnet, Next Hop: VPN tunnel, SNAT: none.
On USG#2
Add policy route to route traffic back to SSL VPN client.
Source: any, Destination: SSL VPN IP Pool, Next Hop: VPN tunnel, SNAT: none.
After added these rules on both of USG, then SSL VPN client should able access to network resource behind USG#2.
0
Categories
- 8.5K All Categories
- 1.6K Nebula
- 72 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 227 Security Ideas
- 985 Switch
- 46 Switch Ideas
- 882 WirelessLAN
- 24 WLAN Ideas
- 5.2K Consumer Product
- 158 Service & License
- 280 News and Release
- 61 Security Advisories
- 13 Education Center
- 581 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 75 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 62 About Community
- 46 Security Highlight