USG 110 - SSL VPN - NO Extension network

RobertoC

Hi All,

i have a problem with USG 110 with firmware 4.35

I have setup a VPN connection and enable Extension network but i can't explore my local network (ping and tracert not works too). I have add my Lan in network list and when i connect with SecuExtender i can see my subnet (192.168.2.0/24) in Routes

I think there is a problem in Security Policy because if i disable it (uncheck Enable Policy Control) i can explore my local network and ping too

I try to delete and re-create SSL VPN policy but don't solve my problem

Thanks so much

Roberto

Ian31

You could check the Zone setting of your SSL VPN policy.

Then, check if the security policy is allow the VPN Zone to your local network.

RobertoC

Hi Ian,

thanks for reply

I have these settings

Have you some idea?

Thanks very much!

Roberto

Ian31

Hi @RobertoC,

It might be other rules in front of the rule 28 deny the traffic.

You can try to move the rule 28 to the first 1 to check if that's the root cause.

Ian

USG_User

Hi Roberto,

we've got the following incomming firewall rule in place for our SSL VPN, where we have full access to our Company LAN:

RobertoC

@Ian31 @USG_User

Hi Guys,

thanks for reply

I move the policy in top (i don't have policy to block, but i try it) and i have force the destination to my lan but doesn't work :(

If i disable the Policy Control, all work perfectly :(

I have reboot the firewall many times...

Thanks for your help!

RobertoC

Hi all,

for you information

I reboot the firewall with old- Firmware ver. V4.35(AAAA.0) and now it'works again...