USG 110 - SSL VPN - NO Extension network

RobertoC
RobertoC Posts: 4
Friend Collector First Comment
edited April 2021 in Security

Hi All,

i have a problem with USG 110 with firmware 4.35

I have setup a VPN connection and enable Extension network but i can't explore my local network (ping and tracert not works too). I have add my Lan in network list and when i connect with SecuExtender i can see my subnet (192.168.2.0/24) in Routes

I think there is a problem in Security Policy because if i disable it (uncheck Enable Policy Control) i can explore my local network and ping too

I try to delete and re-create SSL VPN policy but don't solve my problem

Thanks so much

Roberto

Comments

  • Ian31
    Ian31 Posts: 167  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    You could check the Zone setting of your SSL VPN policy.

    Then, check if the security policy is allow the VPN Zone to your local network.


  • Hi Ian,


    thanks for reply

    I have these settings

    Have you some idea?

    Thanks very much!


    Roberto

  • Ian31
    Ian31 Posts: 167  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @RobertoC,

    It might be other rules in front of the rule 28 deny the traffic.

    You can try to move the rule 28 to the first 1 to check if that's the root cause.


    Ian

  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    Hi Roberto,


    we've got the following incomming firewall rule in place for our SSL VPN, where we have full access to our Company LAN:


  • @Ian31 @USG_User

    Hi Guys,


    thanks for reply

    I move the policy in top (i don't have policy to block, but i try it) and i have force the destination to my lan but doesn't work :(

    If i disable the Policy Control, all work perfectly :(

    I have reboot the firewall many times...

    Thanks for your help!

  • Hi all,


    for you information


    I reboot the firewall with old- Firmware ver. V4.35(AAAA.0) and now it'works again...

Security Highlight