Contacting a spesific network when on VPN

TES

I'm currently having my users connecting to our USG-310 with SSL VPN so they are able to get access to local resources, but they are unable to contact another subnet which a spesific service are running on (site-to-site VPN)

I've tried adding the VPN-Destination subnet to the network list under the SSL VPN policy and even secuextender list the correct network but still are unable to contact that network, do i need to do some routing here to make this work?

Member is the VPN group network the secuextender is joingin
Destination address is the subnet i want them to be able to access


Hopefully this makes sense, not to known with the VPN part of networking etc yet

Ian31

@TES,
You need to select the Site-to-Site VPN tunnel as Next-hop. 
Also, on the peer VPN gateway to configure the return route rule as well.

Zyxel_Stanley

Hi @TES

Your topology should be like this:

SSL VPN Client------USG#1====[VPN]====USG#2

 

At currently SSL VPN client is able access to network resource behind USG#1, but unable reach to USG#2.

You have to add policy route on both of USGs. 

On USG#1

Add policy route to route SSL VPN client traffic to USG#2.

Source: SSL VPN IP Pool, Destination: USG#2 IP Subnet, Next Hop: VPN tunnel, SNAT: none.

On USG#2

Add policy route to route traffic back to SSL VPN client.

Source: any, Destination: SSL VPN IP Pool, Next Hop: VPN tunnel, SNAT: none.

After added these rules on both of USG, then SSL VPN client should able access to network resource behind USG#2.